
I just started to learn PHP, and in this code I want to auto-generate an id number and call it.

Here is my code for creating table:

    <?php
    $link = mysqli_connect("localhost","root","","demo");
    $sql="CREATE TABLE persons(first_name VARCHAR(30) NOT NULL, id INT (1) NOT NULL PRIMARY KEY 
    AUTO_INCREMENT)";
    if(mysqli_query($link,$sql))
            { echo "Table created successfully.";}
    mysqli_close($link);
    ?>

Code for adding values; I want to call the value of my id number and display it here, but I don't know how.

    <!DOCTYPE html>
    <html>
    <body>
    <form action="insert.php" method="post">
    First name: <input type="text" name="first_name">
    ID no: <name="id">
    <input type="submit" value="Submit Form">
    </body>
    </html>

Code for inserting the values:

    <html>
    <?php 
    $link = mysqli_connect("localhost", "root", "", "demo"); 
    $first_name = mysqli_real_escape_string($link, $_REQUEST['first_name']); 
    $id = mysqli_real_escape_string($link, $_REQUEST['id']); 
    $sql = "INSERT INTO persons (first_name,id)
    VALUES('$first_name','$id')";
    mysqli_close($link); ?>
    </html>

ace_mbj
  • https://www.php.net/manual/en/mysqli.insert-id.php – ADyson Jun 07 '21 at 08:22
  • 2
    P.S. **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. mysqli_real_escape_string does not protect against everything. – ADyson Jun 07 '21 at 08:22
  • 1
    Also, never configure your web app to login to the database as root. Root can do whatever it likes, so on top of the SQL injection vulnerabilities this just leaves your database an open book for hackers. Instead create a separate user account specifically for this application which has only the permissions it actually _needs_ in order to work properly. Don't even use the root account as a shortcut during development or testing, because you need to test your account permissions as well - otherwise when you go live you might have unexpected errors relating to the user account setup. – ADyson Jun 07 '21 at 08:22
  • 1
    Apart from reading the manual, your question is a duplicate of [How do I get the last inserted ID of a MySQL table in PHP?](https://stackoverflow.com/questions/1685860/how-do-i-get-the-last-inserted-id-of-a-mysql-table-in-php) (and several others). – ADyson Jun 07 '21 at 08:24
  • I've only been studying it for a week so please don't be so harsh on me. @ADyson – ace_mbj Jun 07 '21 at 08:31
  • I wasn't being harsh, I was just stating the facts. I would gently suggest that being new does not prevent you from typing your question into Google, possibly using different variations or iterations if you're unsure precisely what to search for. In fact, being new to programming makes that skill even more important. (And the existence of the manual is not a secret, as a beginner you probably need to have it open all the time.) – ADyson Jun 07 '21 at 08:33
  • Thank you for your concern @ADyson, I really appreciate it, but my problem still hasn't been solved. – ace_mbj Jun 07 '21 at 08:36
  • Well what exactly did you change? We can't help you if you don't show how you have applied what you learned. – ADyson Jun 07 '21 at 08:41
  • 1
    P.S. if you think I was being harsh regarding the SQL injection stuff then, again, no - in fact whoever / whatever you're learning from should have been showing you how to write the queries correctly in order to be protected from these common issues. If they didn't, then the teaching material was inadequate and you should switch to another learning resource. Learning how to do it correctly from day one is much easier than having to re-learn everything later. – ADyson Jun 07 '21 at 08:43
  • You just don't understand. @ADyson – ace_mbj Jun 07 '21 at 08:49
  • 2
    don't understand what, exactly? If you want some help you'll need to be more specific :) – ADyson Jun 07 '21 at 08:51

1 Answer

-3

Your code is vulnerable to SQL injection, but if you want to auto-increment an id manually in PHP, or add an automatic unique value, you can do it by checking the last id that was given and adding 1 to it.

It will be like:

    <?php
       $link = mysqli_connect("localhost", "root", "", "demo"); 
       // Fetch the row with the highest id currently in the table
       $idGet = "SELECT * FROM persons ORDER BY id DESC LIMIT 1";
       $idVal = mysqli_query($link,$idGet);
       if(mysqli_num_rows($idVal)>0){
         $id = mysqli_fetch_assoc($idVal);
         $lastid = $id["id"]+1;
         
       }else{
         // Empty table: use 0 as the first id
         $lastid  = 0;
       };

       $first_name = mysqli_real_escape_string($link,htmlspecialchars($_REQUEST['first_name']));
       $insertGet = "INSERT INTO persons (first_name,id) VALUE('$first_name','$lastid')";
       $insertVal = mysqli_query($link, $insertGet);
    ?>

You can modify the code as you need.

  • 2
    Not only are there issues with this code (like starting the ids at 0 instead of 1), but you should not do it manually at all. If you have several concurrent requests, you can end up with race conditions, which could really severely break things – M. Eriksson Jun 07 '21 at 08:50
  • 2
    This is terrible advice and goes against all accepted best practice since relational databases were invented 50 years ago. This leads to race conditions and duplicate IDs. No-one should ever implement this in a real database. – ADyson Jun 07 '21 at 08:50
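
What the comments on this page recommend, put together as an added example that is not part of the original question or answer: a version of `insert.php` that lets `AUTO_INCREMENT` assign the id, uses a prepared statement, connects as a non-root account, and reads the new id from `insert_id`. The `demo_app` account, its grant, and the `DEMO_DB_PASSWORD` environment variable are assumptions.

```php
<?php
// Added example, not code from the question or the answer.
// Assumptions: the persons table from the question, plus a hypothetical
// non-root account demo_app limited to what insert.php needs, e.g.
//   CREATE USER 'demo_app'@'localhost' IDENTIFIED BY '<password>';
//   GRANT INSERT ON demo.persons TO 'demo_app'@'localhost';
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Insert one person and return the id MySQL generated for the new row.
function add_person(mysqli $link, string $first_name): int
{
    $first_name = trim($first_name);
    // Match the column definition: VARCHAR(30) NOT NULL (needs ext-mbstring).
    if ($first_name === '' || mb_strlen($first_name, 'UTF-8') > 30) {
        throw new InvalidArgumentException('first_name must be 1-30 characters');
    }

    // id is left out: AUTO_INCREMENT assigns it atomically, so concurrent
    // requests cannot be handed the same value.
    $stmt = $link->prepare('INSERT INTO persons (first_name) VALUES (?)');
    $stmt->bind_param('s', $first_name);
    $stmt->execute();

    // insert_id is tracked per connection, so it refers to this request's row.
    $id = (int) $link->insert_id;
    $stmt->close();
    return $id;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // DEMO_DB_PASSWORD is a hypothetical environment variable holding the password.
    $link = new mysqli('localhost', 'demo_app', getenv('DEMO_DB_PASSWORD') ?: '', 'demo');
    $link->set_charset('utf8mb4');
    try {
        $name = $_POST['first_name'] ?? '';
        $id = add_person($link, is_string($name) ? $name : '');
        // Escape when writing to HTML, not when writing to the database.
        echo 'Saved. ID no: ' . htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8');
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    } finally {
        $link->close();
    }
}
```

With this in place the form needs only the `first_name` field; the id is displayed after the insert rather than submitted by the browser.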