{"id":6232,"date":"2021-06-12T14:13:20","date_gmt":"2021-06-12T14:13:20","guid":{"rendered":"https:\/\/programmingfields.com\/?p=6232"},"modified":"2023-09-28T03:33:44","modified_gmt":"2023-09-28T03:33:44","slug":"crud-application-in-php-8-using-prepared-statement","status":"publish","type":"post","link":"https:\/\/programmingfields.com\/crud-application-in-php-8-using-prepared-statement\/","title":{"rendered":"CRUD Application in PHP 8 Using Prepared Statement"},"content":{"rendered":"\n<p>Security is a major challenge when creating an application in PHP. A raw SQL query in PHP can be injected with malicious code. This may affect your entire application: you can lose your database, a particular table, or individual records. With SQL injection, malicious code or script is injected into your SQL query. It is most important to prevent <strong>SQL injection <\/strong>in your PHP application. I already shared a brief post on <a rel=\"noreferrer noopener\" href=\"https:\/\/programmingfields.com\/what-is-sql-injection-and-how-to-prevent-it-in-php\/\" data-type=\"URL\" data-id=\"https:\/\/programmingfields.com\/what-is-sql-injection-and-how-to-prevent-it-in-php\/\" target=\"_blank\">SQL Injection and Prevention Techniques in PHP<\/a>. PHP frameworks like <a rel=\"noreferrer noopener\" href=\"https:\/\/programmingfields.com\/category\/laravel\/\" target=\"_blank\">Laravel<\/a>, <a rel=\"noreferrer noopener\" href=\"https:\/\/programmingfields.com\/category\/codeigniter-4\/\" target=\"_blank\">CodeIgniter<\/a>, etc. are secured against SQL injection. We can overcome the possibility of SQL injection by using a <strong>prepared statement<\/strong>. A<strong> PHP prepared statement <\/strong>query contains placeholders: the SQL statement is prepared first, and the values are bound to the placeholders later. 
In this post, I will create a CRUD app using a prepared statement.<\/p>\n\n\n\n<p>We are going to build something like this.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"458\" src=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-05-53.png?resize=1024%2C458&#038;ssl=1\" alt=\"Post Created with Success Message\" class=\"wp-image-6273\" srcset=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-05-53.png?resize=1024%2C458&amp;ssl=1 1024w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-05-53.png?resize=300%2C134&amp;ssl=1 300w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-05-53.png?resize=768%2C343&amp;ssl=1 768w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-05-53.png?w=1297&amp;ssl=1 1297w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><figcaption class=\"wp-element-caption\"><strong>Post Created with Success Message<\/strong><\/figcaption><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Prerequisites\"><\/span><strong>Prerequisites<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>For creating this CRUD application in php using a prepared statement, you must have the below 
configuration. <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Apache\/Nginx Server<\/strong><\/li>\n\n\n\n<li><strong>PHP &gt;=7<\/strong><\/li>\n\n\n\n<li><strong>MySQL &gt;=5<\/strong><\/li>\n\n\n\n<li><strong>VS Code<\/strong> <strong>(Optional)<\/strong><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Create_a_Project_Folder_Structure\"><\/span><strong>Create a Project Folder Structure<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Firstly, go to the <strong>htdocs<\/strong> directory if you are a Windows user and have already installed <strong>xampp\/wampp<\/strong>. If you are a Linux user, go to <strong>var\/www\/html<\/strong> and create a new folder there. In my case, the folder name is <strong>crud<\/strong>. Inside this folder, I have created two <strong>subfolders<\/strong> named <strong>assets<\/strong> and <strong>master<\/strong>.<\/p>\n\n\n\n<p>Let me explain the file<\/p>\n\n\n\n<p>Make the folder structure as shown below.<\/p>\n\n\n\n<pre title=\"Folder Structure\" class=\"wp-block-code\"><code lang=\"basic\" class=\"language-basic\"> <strong>crud<\/strong>\n <strong>--&gt; master<\/strong>\n     --&gt; header.php\n     --&gt; footer.php\n create.php\n DataController.php\n DBController.php\n edit.php\n index.php\n show.php<\/code><\/pre>\n\n\n\n<p>The assets folder has a <strong>script.js<\/strong> file that will contain the script code for form validation.<\/p>\n\n\n\n<p>Inside the <strong>master<\/strong> folder there are two files &#8211;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>header.php<\/strong> and<\/li>\n\n\n\n<li><strong>footer.php<\/strong><\/li>\n<\/ul>\n\n\n\n<p>I have used the Bootstrap CDN, so I kept it inside the <strong>header.php<\/strong> file. 
We will include the header and footer files in our other files.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>create.php<\/strong>&#8211; This will contain a basic form for creating a new post.<\/li>\n\n\n\n<li><strong>show.php<\/strong>&#8211; On this page, there will be the inputs to display the post detail.<\/li>\n\n\n\n<li><strong>edit.php<\/strong>&#8211; It is for updating the post.<\/li>\n\n\n\n<li><strong>index.php<\/strong>&#8211; All the posts will be shown in the form of a table.<\/li>\n\n\n\n<li><strong>DataController.php<\/strong>&#8211; All the server-side logic and operations will be written here.<\/li>\n\n\n\n<li><strong>DBController.php<\/strong>&#8211; It will contain the database configuration.<\/li>\n<\/ul>\n\n\n\n<p>Here, I have opened the project folder in the VS Code editor. It should look like this.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"696\" height=\"495\" src=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-18-01-01.png?resize=696%2C495&#038;ssl=1\" alt=\"Folder Structure Of CRUD App in PHP\" class=\"wp-image-6267\" srcset=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-18-01-01.png?w=696&amp;ssl=1 696w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-18-01-01.png?resize=300%2C213&amp;ssl=1 300w\" sizes=\"auto, (max-width: 696px) 100vw, 696px\" \/><figcaption class=\"wp-element-caption\"><strong>Folder Structure Of CRUD App in PHP<\/strong><\/figcaption><\/figure>\n<\/div>\n\n\n<p>After creating the files let&#8217;s add the code one by one.<\/p>\n\n\n\n<p class=\"recommended-link\">Recommended: <a href=\"https:\/\/programmingfields.com\/how-to-create-a-virtual-host-in-xampp-for-php-in-windows\/\" target=\"_blank\" rel=\"noreferrer noopener\">How to 
Create a Virtual Host in XAMPP For PHP in Windows<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Create_a_Database_and_Table\"><\/span><strong>Create a Database and Table<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>First of all, you have to create a database connection. We will be using the object-oriented approach for connecting to the database. In fact, the entire PHP functionality will be written in object-oriented form.<\/p>\n\n\n\n<p>Hence, go to <strong>phpMyAdmin<\/strong> or the <strong>MySQL<\/strong> terminal and create a database there.<\/p>\n\n\n\n<pre title=\"create database\" class=\"wp-block-code\"><code lang=\"sql\" class=\"language-sql\">CREATE DATABASE php_crud;<\/code><\/pre>\n\n\n\n<p>After creating the database, create a table. You can run the schema below there. It will generate the <strong>posts<\/strong> table with the specified fields.<\/p>\n\n\n\n<pre title=\"create posts table\" class=\"wp-block-code\"><code lang=\"sql\" class=\"language-sql\">CREATE TABLE `posts` (\n   `id` bigint PRIMARY KEY AUTO_INCREMENT NOT NULL,\n   `title` varchar(250) DEFAULT NULL,\n   `description` text,\n   `created_at` timestamp NULL DEFAULT CURRENT_TIMESTAMP,\n   `updated_at` timestamp NULL DEFAULT CURRENT_TIMESTAMP\n ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;<\/code><\/pre>\n\n\n\n<p>After creating the database and table, you have to create a connection for this project.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Database_Connection_For_PHP_Prepared_Statement\"><\/span><strong>Database Connection For PHP Prepared Statement<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>We already have the <strong>DBController.php<\/strong> file. 
Hence, you need to open it and paste the below snippet.<\/p>\n\n\n\n<pre title=\"DBController.php\" class=\"wp-block-code\"><code lang=\"php\" class=\"language-php\">&lt;?php \n\nclass DBController {\n    public string $hostname;\n    public string $dbname;\n    public string $username;\n    public string $password; \n\n    \/**\n     * Constructor\n     * @param No\n     *\/\n    function __construct()\n    {\n        $this-&gt;hostname = \"localhost\";\n        $this-&gt;dbname = \"php_crud\";\n        $this-&gt;username = \"root\";\n        $this-&gt;password = \"root\";\n    }\n\n    \/**\n     * Create Connection \n     * @param No\n     * @return $conn\n     *\/\n    function connect() {\n        $conn = new mysqli($this-&gt;hostname, $this-&gt;username, $this-&gt;password, $this-&gt;dbname);\n        if($conn-&gt;connect_errno &gt; 0) {\n            die(\"database connection failed &lt;br\/&gt;\" . $conn-&gt;connect_error);\n        }\n        return $conn;\n    }\n\n    \/**\n     * Close connection\n     * @param $conn\n     * @return null\n     *\/\n    function close($conn) {\n        $conn-&gt;close();\n    }\n}<\/code><\/pre>\n\n\n\n<p>After that, we will be moving to the layouts part of this project.<\/p>\n\n\n\n<p class=\"recommended-link\">Recommended: <a href=\"https:\/\/programmingfields.com\/how-to-create-a-crud-application-in-laravel-10-for-beginners\/\" target=\"_blank\" rel=\"noopener\">How to Create a\u00a0CRUD\u00a0Application in Laravel 10 For Beginners<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Create_Master_Layouts_in_PHP\"><\/span><strong>Create Master Layouts in PHP<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Firstly, start with the header.php file. 
I have added <strong>Bootstrap 4 CDN<\/strong> to use the predefined classes for the style.<\/p>\n\n\n\n<pre title=\"header.php\" class=\"wp-block-code\"><code lang=\"php\" class=\"language-php\">&lt;!doctype html&gt;\n&lt;html lang=\"en\"&gt;\n\n&lt;head&gt;\n    &lt;title&gt;PHP CRUD Application Using Prepared Statements&lt;\/title&gt;\n    &lt;meta charset=\"utf-8\"&gt;\n    &lt;meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\"&gt;\n    &lt;link rel=\"stylesheet\" href=\"https:\/\/stackpath.bootstrapcdn.com\/bootstrap\/4.3.1\/css\/bootstrap.min.css\"\n        integrity=\"sha384-ggOyR0iXCbMQv3Xipma34MD+dH\/1fQ784\/j6cY\/iJTQUOhcWr7x9JvoRxT2MZw1T\" crossorigin=\"anonymous\"\/&gt;\n    &lt;style&gt;\n        label.error {\n        color: #dc3545;\n    }\n&lt;\/style&gt;\n&lt;\/head&gt;\n&lt;body&gt;\n&lt;div class=\"container-fluid py-3\"&gt;\n        &lt;h3 class=\"text-center font-weight-bold\"&gt;PHP CRUD App Using Prepared Statement &lt;\/h3&gt;<\/code><\/pre>\n\n\n\n<p>Next, inside the <strong>footer.php<\/strong> put the below snippet. Here, I used<a rel=\"noreferrer noopener\" href=\"https:\/\/code.jquery.com\/\" target=\"_blank\"> jQuery CDN<\/a> and <strong>jQuery Validator<\/strong>. 
Lastly, I have created the validation rules provided by the jQuery Validator.<\/p>\n\n\n\n<pre title=\"footer.php\" class=\"wp-block-code\"><code lang=\"php\" class=\"language-php\">        &lt;\/div&gt;\n    &lt;script src=\"https:\/\/code.jquery.com\/jquery-3.5.1.min.js\"\n        integrity=\"sha256-9\/aliU8dGd2tb6OSsuzixeV4y\/faTqgFtohetphbbj0=\" crossorigin=\"anonymous\"&gt;\n    &lt;\/script&gt;\n    &lt;script src=\"https:\/\/stackpath.bootstrapcdn.com\/bootstrap\/4.3.1\/js\/bootstrap.min.js\"\n        integrity=\"sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf\/nJGzIxFDsf4x0xIM+B07jRM\" crossorigin=\"anonymous\"&gt;\n    &lt;\/script&gt;\n    &lt;script src=\"https:\/\/cdnjs.cloudflare.com\/ajax\/libs\/jquery-validate\/1.19.2\/jquery.validate.min.js\"&gt;&lt;\/script&gt;\n  \n    &lt;!-- custom script --&gt; \n    &lt;script&gt;\n        $(document).ready(function() {\n            $(\"#postForm\").validate({\n                rules: {\n                    title: {\n                        required: true,\n                        minlength: 10,\n                    },\n                    description:{\n                        required: true,\n                        minlength: 20,\n                    }\n                },\n                messages: {\n                    title: {\n                        required: \"Title is required\",\n                        minlength: \"Title cannot be less than 10 characters\"\n                    },\n                    description: {\n                        required: \"Description is required\",\n                        minlength: \"Description cannot be less than 20 characters\"\n                    },\n                }\n            });\n        });\n    &lt;\/script&gt;\n&lt;\/body&gt;\n&lt;\/html&gt;<\/code><\/pre>\n\n\n\n<p>After creating the master layouts, let&#8217;s create the script file and put the code there.<\/p>\n\n\n\n<p class=\"recommended-link\">Recommended: <a 
href=\"https:\/\/programmingfields.com\/create-a-crud-application-in-codeigniter-4-for-beginners\/\" target=\"_blank\" rel=\"noopener\">How to Create a CRUD\u00a0Application in\u00a0CodeIgniter 4\u00a0For Beginners<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Create_an_Index_File_For_Displaying_the_Data\"><\/span><strong>Create an Index File For Displaying the Data<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>In the <strong>index.php<\/strong> file, we will have a table for displaying the posts. There will be a button to navigate to a new page called <strong>create.php<\/strong> file. Add the below snippet there.<\/p>\n\n\n\n<pre title=\"index.php\" class=\"wp-block-code\"><code lang=\"php\" class=\"language-php\">&lt;?php \n\n    ini_set('display_errors', 1);\n    include_once ('.\/master\/header.php');\n\n    require_once('.\/DataController.php');\n    $dataCtrl = new DataController;\n    $posts = $dataCtrl-&gt;posts();\n\n?&gt;\n    &lt;div class=\"row py-4\"&gt;\n        &lt;div class=\"col-xl-5 col-xl-5 col-md-5 col-sm-12 col-12 offset-xl-3 offset-lg-3\"&gt;\n            &lt;?php echo isset($_SESSION['response'])?\n                ($_SESSION['response']['status'] == \"success\" ? 
'&lt;div class=\"alert alert-success alert-dismissible\"&gt;\n                &lt;button type=\"button\" class=\"close\" data-dismiss=\"alert\"&gt;&amp;times; &lt;\/button&gt;\n                '.$_SESSION['response']['message'].'&lt;\/div&gt;' :\n                 '&lt;div class=\"alert alert-danger alert-dismissible\"&gt;\n                &lt;button type=\"button\" class=\"close\" data-dismiss=\"alert\"&gt;&amp;times; &lt;\/button&gt;\n                '.$_SESSION['response']['message'].'&lt;\/div&gt;'):''?&gt;\n\n            &lt;?php session_unset(); ?&gt;\n        &lt;\/div&gt;\n        &lt;div class=\"col-xl-4 col-lg-4 col-md-4  text-right\"&gt;\n            &lt;a href=\"create.php\" class=\"btn btn-primary \"&gt; Create Post &lt;\/a&gt;\n        &lt;\/div&gt;\n    &lt;\/div&gt;\n\n    &lt;div class=\"table-responsive py-4\"&gt;\n        &lt;table class=\"table table-striped\"&gt;\n            &lt;thead class=\"bg-secondary text-white\"&gt;\n                &lt;tr&gt;\n                    &lt;th&gt;Id&lt;\/th&gt;\n                    &lt;th&gt;Title&lt;\/th&gt;\n                    &lt;th&gt;Description&lt;\/th&gt;\n                    &lt;th&gt;Date&lt;\/th&gt;\n                    &lt;th style=\"width:16%\"&gt;Action&lt;\/th&gt;\n                &lt;\/tr&gt;\n            &lt;\/thead&gt;\n            &lt;tbody&gt;\n                &lt;?php \n                    if(count($posts) &gt; 0):\n                        foreach($posts as $post):?&gt;\n                            &lt;tr&gt;\n                                &lt;td&gt; &lt;?= $post['id']; ?&gt; &lt;\/td&gt;\n                                &lt;td&gt; &lt;?= stripslashes($post['title']); ?&gt; &lt;\/td&gt;\n                                &lt;td&gt; &lt;?= stripslashes($post['description']); ?&gt; &lt;\/td&gt;\n                                &lt;td&gt; &lt;?= $post['created_at']; ?&gt; &lt;\/td&gt;\n                                &lt;td&gt; &lt;a href=\"show.php?post=&lt;?= $post['id']; ?&gt;\" 
name=\"show\" class=\"btn btn-info btn-sm\"&gt;View&lt;\/a&gt;\n                                    &lt;a href=\"edit.php?post=&lt;?= $post['id']; ?&gt;\" class=\"btn btn-success btn-sm\"&gt;Edit&lt;\/a&gt;\n                                    &lt;a href=\"DataController.php?delete=&lt;?= $post['id'];?&gt;\" class=\"btn btn-danger btn-sm\" onclick=\"return confirm('Do you want to delete this record?');\"&gt;Delete&lt;\/a&gt;\n                                &lt;\/td&gt;\n                            &lt;\/tr&gt;\n               \n                &lt;?php\n                        endforeach;\n                    else: ?&gt;\n                        &lt;tr&gt;\n                            &lt;td colspan=\"5\" rowspan=\"2\"&gt;\n                                &lt;h5 class=\"text-danger text-center\"&gt; Sorry! No post found. &lt;\/h5&gt;\n                            &lt;\/td&gt;\n                        &lt;\/tr&gt;\n                &lt;?php endif; ?&gt;\n            &lt;\/tbody&gt;\n        &lt;\/table&gt;\n    &lt;\/div&gt;\n\n&lt;?php \n    include_once ('.\/master\/footer.php');\n?&gt;<\/code><\/pre>\n\n\n\n<p>In the above snippet, at the top, I have included the <strong>header<\/strong> and <strong>DataController<\/strong> files. We will see the <strong>DataController.php<\/strong> file snippet in the next step. I have created a table and iterated over the array that comes from the DataController file. 
Also, there are action buttons to <strong>View<\/strong>, <strong>Edit<\/strong>, and <strong>Delete<\/strong> the post.<\/p>\n\n\n\n<p>When you run the index.php file, it will show a result like the screenshot below.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"389\" src=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-06-57-25.png?resize=1024%2C389&#038;ssl=1\" alt=\"CRUD - index page\" class=\"wp-image-6258\" srcset=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-06-57-25.png?resize=1024%2C389&amp;ssl=1 1024w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-06-57-25.png?resize=300%2C114&amp;ssl=1 300w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-06-57-25.png?resize=768%2C292&amp;ssl=1 768w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-06-57-25.png?w=1291&amp;ssl=1 1291w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><figcaption class=\"wp-element-caption\"><strong>PHP CRUD &#8211; index page<\/strong><\/figcaption><\/figure>\n<\/div>\n\n\n<p>At this point, we haven&#8217;t created any posts, so no post is listed. 
Next, put the CRUD operations functionality in the <strong>DataController.php<\/strong> file.<\/p>\n\n\n\n<p class=\"recommended-link\">Recommended: <a href=\"https:\/\/programmingfields.com\/how-to-create-a-crud-application-using-ajax-in-laravel-10\/\" target=\"_blank\" rel=\"noopener\">How to Create a\u00a0CRUD\u00a0Application Using\u00a0Ajax\u00a0in Laravel 10<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"CRUD_in_PHP_Using_Prepared_Statement\"><\/span><strong>CRUD in PHP Using Prepared Statement<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>For the CRUD operations, I will be using a PHP prepared statement. In my last post, I already explained the benefits of using a prepared statement. We have already created the <strong>DataController.php<\/strong> file for handling all the requests and functional parts, so add the code below. I will explain each function.<\/p>\n\n\n\n<pre title=\"DataController.php\" class=\"wp-block-code\"><code lang=\"php\" class=\"language-php\">&lt;?php\nini_set('display_errors', '1');\nsession_start();\nrequire_once ('.\/DBController.php');\n\n$dataController = new DataController;\n$redirctUrl = \"http:\/\/localhost\/php\/crud\/index.php\";\n\n\/\/ Create =&gt; if request has post method and create action\nif ($_SERVER['REQUEST_METHOD'] == 'POST') {    \n    if (isset($_POST['create'])) {\n        $response = $dataController-&gt;store($_POST);\n        $_SESSION['response'] = $response;\n        header('Location:'.$redirctUrl);\n        exit; \/\/ stop the script once the redirect header is sent\n    }\n}\n\n\/\/ Update =&gt; if request has post method and update action\nif ($_SERVER['REQUEST_METHOD'] == 'POST') {   \n   \n    if (isset($_POST['update'])) {\n        $response = $dataController-&gt;update($_POST);\n        $_SESSION['response'] = $response;\n        header('Location:'.$redirctUrl);\n        exit; \/\/ stop the script once the redirect header is sent\n    }\n}\n\n\n\/\/ Delete =&gt; if request has get method and delete action\nif ($_SERVER['REQUEST_METHOD'] == 'GET') {   \n   
 if (isset($_GET['delete'])) {\n        $response = $dataController-&gt;delete($_GET);\n        $_SESSION['response'] = $response;\n        header('Location:'.$redirctUrl);\n        exit; \/\/ stop the script once the redirect header is sent\n    }\n}\n\n\nclass DataController {\n    public $conn;\n    public $dbController;\n    public $request = [];\n    public $response = [];\n\n    function __construct()\n    {\n        $this-&gt;dbController = new DBController();\n        $this-&gt;conn = $this-&gt;dbController-&gt;connect();\n        $this-&gt;request = $_POST;        \n    }\n\n    \/**\n     * Create Post\n     * @param $request\n     * @return response array\n     *\/\n    function store($request):array {\n        $inputs = $this-&gt;sanitizeInputs($request);\n\n        \/\/ The ? placeholders are filled by bind_param(), so the values never become part of the SQL text\n        $stmt = $this-&gt;conn-&gt;prepare(\"INSERT INTO posts (title, description) VALUES (?, ?)\");\n        $stmt-&gt;bind_param(\"ss\", $inputs['title'], $inputs['description']);\n\n        if ($stmt-&gt;execute()) {\n            $this-&gt;response['status'] = \"success\";\n            $this-&gt;response['message'] = \"Success! Post created.\";\n        }\n\n        else {\n            $this-&gt;response['status'] = \"failed\";\n            $this-&gt;response['message'] = \"Failed! 
Post not created.\";\n        }\n\n        $stmt-&gt;close();\n        $this-&gt;dbController-&gt;close($this-&gt;conn);\n        \n        return $this-&gt;response;       \n    }\n\n    \/**\n     * Sanitize inputs\n     * @param $request\n     * @return $inputs[]\n     *\/\n    function sanitizeInputs($request):array {\n        $inputs = [];\n        $inputs['title'] = trim(filter_var($this-&gt;conn-&gt;real_escape_string($request['title']), FILTER_SANITIZE_STRING));\n        $inputs['description'] = trim(filter_var($this-&gt;conn-&gt;real_escape_string($request['description']), FILTER_SANITIZE_STRING));\n        return $inputs;\n    }\n\n    \/**\n     * Get all posts\n     * @param NO\n     * @return $response:array\n     *\/\n    function posts():array {\n\n        $stmt = $this-&gt;conn-&gt;prepare(\"SELECT id, title, description, created_at, updated_at FROM posts ORDER BY id DESC\");\n        \n        if ($stmt-&gt;execute()) {\n            $result = $stmt-&gt;get_result();\n\n            if($result-&gt;num_rows &gt; 0) {\n                $this-&gt;response  = $result-&gt;fetch_all(MYSQLI_ASSOC);\n            }\n        }\n        \n        $stmt-&gt;close();\n        $this-&gt;dbController-&gt;close($this-&gt;conn);\n        \n        return $this-&gt;response;\n    }\n\n    \/**\n     * Get a single post by id\n     * @param $id\n     * @return $response:array\n     *\/\n    function post($id):array {\n\n        try {\n\n            \/\/ sanitize param and use the integer it returns\n            $id = $this-&gt;checkParam($id);\n\n            \/\/ prepared statement\n            $stmt = $this-&gt;conn-&gt;prepare(\"SELECT id, title, description, created_at, updated_at FROM posts WHERE id = ?\");\n            $stmt-&gt;bind_param(\"i\", $id);\n            if($stmt-&gt;execute()) {\n                $result = $stmt-&gt;get_result();\n                if($result-&gt;num_rows &gt; 0) {\n                    $this-&gt;response  = $result-&gt;fetch_assoc();\n                }\n            }\n            return $this-&gt;response;\n        }\n        
catch (Exception $e) {\n            echo $e-&gt;getMessage();\n            \/\/ the declared array return type must also be honoured on the error path\n            return [];\n        }\n    }\n\n    \/**\n     * Sanitize param \n     * @param $param\n     * @return int $param\n     *\/\n    function checkParam($param):int {\n        \/\/ The id is bound with type \"i\", so an integer cast is all it needs; no SQL escaping or string filter\n        return is_scalar($param) ? (int) $param : 0;\n    }\n\n    \/**\n     * Update Post\n     * @param $request\n     * @return response array\n     *\/\n    function update($request):array {\n\n        $inputs = $this-&gt;sanitizeInputs($request);\n        $id = $this-&gt;checkParam($request['id']);\n\n        $stmt = $this-&gt;conn-&gt;prepare(\"UPDATE posts SET title = ?, description = ? WHERE id = ?\");\n        $stmt-&gt;bind_param(\"ssi\", $inputs['title'], $inputs['description'], $id);\n\n        if ($stmt-&gt;execute()) {\n            $this-&gt;response['status'] = \"success\";\n            $this-&gt;response['message'] = \"Success! Post updated.\";\n        }\n\n        else {\n            $this-&gt;response['status'] = \"failed\";\n            $this-&gt;response['message'] = \"Failed! Post not updated.\";\n        }\n\n        $stmt-&gt;close();\n        $this-&gt;dbController-&gt;close($this-&gt;conn);\n        \n        return $this-&gt;response;       \n    }\n\n     \/**\n     * Delete Post\n     * @param $request\n     * @return response array\n     *\/\n    function delete($request):array {\n        $id = $this-&gt;checkParam($request['delete']);\n\n        \/\/ prepared statement\n        $stmt = $this-&gt;conn-&gt;prepare(\"DELETE FROM posts WHERE id = ?\");\n        $stmt-&gt;bind_param(\"i\", $id);\n\n        \/\/ a DELETE returns no result set, so only the execute() status is checked\n        if($stmt-&gt;execute()) {\n            $this-&gt;response['status'] = \"success\";\n            $this-&gt;response['message'] = \"Success! Post deleted.\";\n        }\n\n        else {\n            $this-&gt;response['status'] = \"failed\";\n            $this-&gt;response['message'] = \"Failed! 
Post not deleted.\";\n        }\n\n        $stmt-&gt;close();\n        $this-&gt;dbController-&gt;close($this-&gt;conn);\n\n        return $this-&gt;response;\n    }\n}<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Create_Post\"><\/span><strong>Create Post<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>To create a post, click on the <strong>Create Post<\/strong> button at the top right in the index file. It will open a new page <strong>(create.php)<\/strong>. Before that, you have to add the snippet below to the <strong>create.php <\/strong>file.<\/p>\n\n\n\n<pre title=\"create.php\" class=\"wp-block-code\"><code lang=\"php\" class=\"language-php\">&lt;?php \n    include_once ('.\/master\/header.php');\n?&gt;\n    &lt;div class=\"row\"&gt;\n        &lt;div class=\"col-xl-12 text-right\"&gt;\n            &lt;a href=\".\/index.php\" class=\"btn btn-primary\"&gt;Back to Post &lt;\/a&gt;\n        &lt;\/div&gt;\n    &lt;\/div&gt;\n\n    &lt;div class=\"row py-5\"&gt;\n        &lt;div class=\"col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12 m-auto\"&gt;\n            &lt;form action=\"DataController.php\" method=\"POST\" id=\"postForm\"&gt;\n                &lt;div class=\"card\"&gt;\n                    &lt;div class=\"card-header\"&gt;\n                        &lt;h5 class=\"card-title\"&gt; Create Post &lt;\/h5&gt;\n                    &lt;\/div&gt;\n\n                    &lt;div class=\"card-body\"&gt;\n                        &lt;div class=\"form-group\"&gt;\n                            &lt;label&gt; Title &lt;\/label&gt;\n                            &lt;input type=\"text\" class=\"form-control\" name=\"title\" id=\"title\" placeholder=\"Post title\" \/&gt;\n                        &lt;\/div&gt;\n                        &lt;div class=\"form-group\"&gt;\n                            &lt;label&gt; Description &lt;\/label&gt;\n                            &lt;textarea class=\"form-control\" 
id=\"description\" name=\"description\" placeholder=\"Post description\"&gt;&lt;\/textarea&gt;\n                        &lt;\/div&gt;\n                    &lt;\/div&gt;\n\n                    &lt;div class=\"card-footer\"&gt;\n                        &lt;button type=\"submit\" class=\"btn btn-success\" name=\"create\"&gt; Save &lt;\/button&gt;\n                    &lt;\/div&gt;\n                &lt;\/div&gt;\n            &lt;\/form&gt;\n        &lt;\/div&gt;\n    &lt;\/div&gt;\n    \n &lt;?php \n    include_once ('.\/master\/footer.php');\n?&gt;<\/code><\/pre>\n\n\n\n<p>The above snippet contains a form with two inputs. The form has an action that submits the data after validation. For the form validation, I have used client-side validation with jQuery. Client-side validation can be bypassed, so the submitted values still have to be treated as untrusted on the server. You can use more advanced validation depending on the inputs, such as email, password, etc.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"521\" src=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-06-58-08.png?resize=1024%2C521&#038;ssl=1\" alt=\"Create Post Form\" class=\"wp-image-6262\" srcset=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-06-58-08.png?resize=1024%2C521&amp;ssl=1 1024w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-06-58-08.png?resize=300%2C153&amp;ssl=1 300w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-06-58-08.png?resize=768%2C391&amp;ssl=1 768w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-06-58-08.png?w=1239&amp;ssl=1 1239w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><figcaption class=\"wp-element-caption\"><strong>Create Post 
Form<\/strong><\/figcaption><\/figure>\n<\/div>\n\n\n<p>If you try to submit the form without filling in the title and description, it will show a validation error message. This is basic validation; you can make it more advanced as per the inputs.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"579\" src=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-06-58-21.png?resize=1024%2C579&#038;ssl=1\" alt=\"Form Validation Using jQuery Validator\" class=\"wp-image-6264\" srcset=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-06-58-21.png?resize=1024%2C579&amp;ssl=1 1024w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-06-58-21.png?resize=300%2C170&amp;ssl=1 300w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-06-58-21.png?resize=768%2C434&amp;ssl=1 768w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-06-58-21.png?w=1218&amp;ssl=1 1218w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><figcaption class=\"wp-element-caption\"><strong>Form Validation Using jQuery Validator<\/strong><\/figcaption><\/figure>\n<\/div>\n\n\n<p>Now, try creating a post by filling in the required details.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"502\" src=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-06-58-56.png?resize=1024%2C502&#038;ssl=1\" alt=\"Create Post in PHP prepared statement\" class=\"wp-image-6272\" 
srcset=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-06-58-56.png?resize=1024%2C502&amp;ssl=1 1024w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-06-58-56.png?resize=300%2C147&amp;ssl=1 300w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-06-58-56.png?resize=768%2C377&amp;ssl=1 768w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-06-58-56.png?w=1235&amp;ssl=1 1235w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><figcaption class=\"wp-element-caption\"><strong>Create Post<\/strong><\/figcaption><\/figure>\n<\/div>\n\n\n<p>After creating the post, it will redirect you to the <strong>index.php<\/strong> file with the success response.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Show_Post\"><\/span><strong>Show Post<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>For the post detail, you have to click on the <strong>view<\/strong> button inside the Action column. 
So, to display the post you have to add the below snippet in the <strong>show.php<\/strong> file.<\/p>\n\n\n\n<pre title=\"show.php\" class=\"wp-block-code\"><code lang=\"php\" class=\"language-php\">&lt;?php \n    include_once ('.\/master\/header.php');\n    require_once ('.\/DataController.php');\n\n    \/\/ read the post id from the query string, only when it is present\n    if ($_SERVER['REQUEST_METHOD'] == \"GET\" &amp;&amp; !empty($_GET['post'])) {\n        $dataController = new DataController;\n        $post = $dataController-&gt;post($_GET['post']);\n    }\n?&gt;\n    &lt;div class=\"row\"&gt;\n        &lt;div class=\"col-xl-12 text-right\"&gt;\n            &lt;a href=\".\/index.php\" class=\"btn btn-primary\"&gt;Back to Post &lt;\/a&gt;\n        &lt;\/div&gt;\n    &lt;\/div&gt;\n\n    &lt;div class=\"row py-5\"&gt;\n        &lt;div class=\"col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12 m-auto\"&gt;\n            &lt;div class=\"card\"&gt;\n                &lt;div class=\"card-header\"&gt;\n                    &lt;h5 class=\"card-title\"&gt; Post Detail &lt;\/h5&gt;\n                &lt;\/div&gt;\n\n                &lt;div class=\"card-body\"&gt;\n                    &lt;div class=\"form-group\"&gt;\n                        &lt;label&gt; Title &lt;\/label&gt;\n                        &lt;input type=\"text\" readonly class=\"form-control\" placeholder=\"Post title\" value=\"&lt;?= stripslashes($post['title'] ?? \"\") ?&gt;\" \/&gt;\n                    &lt;\/div&gt;\n                    &lt;div class=\"form-group\"&gt;\n                        &lt;label&gt; Description &lt;\/label&gt;\n                        &lt;textarea class=\"form-control\" readonly placeholder=\"Post description\"&gt;&lt;?= stripslashes($post['description'] ?? 
\"\") ?&gt;&lt;\/textarea&gt;\n                    &lt;\/div&gt;\n                &lt;\/div&gt;\n            &lt;\/div&gt;\n        &lt;\/div&gt;\n    &lt;\/div&gt;\n\n &lt;?php \n    include_once ('.\/master\/footer.php');\n?&gt;<\/code><\/pre>\n\n\n\n<p>Here is the post detail, shown with read-only inputs and no button inside the form.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"450\" src=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-14-13.png?resize=1024%2C450&#038;ssl=1\" alt=\"Post Updated Using Prepared Statement in PHP\" class=\"wp-image-6277\" srcset=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-14-13.png?resize=1024%2C450&amp;ssl=1 1024w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-14-13.png?resize=300%2C132&amp;ssl=1 300w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-14-13.png?resize=768%2C338&amp;ssl=1 768w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-14-13.png?w=1290&amp;ssl=1 1290w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><figcaption class=\"wp-element-caption\"><strong>Post Updated Using Prepared Statement in PHP<\/strong><\/figcaption><\/figure>\n<\/div>\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"446\" src=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-06-10.png?resize=1024%2C446&#038;ssl=1\" alt=\"Show Post - Post Detail\" class=\"wp-image-6275\" 
srcset=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-06-10.png?resize=1024%2C446&amp;ssl=1 1024w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-06-10.png?resize=300%2C131&amp;ssl=1 300w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-06-10.png?resize=768%2C335&amp;ssl=1 768w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-06-10.png?w=1232&amp;ssl=1 1232w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><figcaption class=\"wp-element-caption\"><strong>Show Post &#8211; Post Detail<\/strong><\/figcaption><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Update_Post\"><\/span><strong>Update Post<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>For updating the post, firstly, click on the <strong>Edit<\/strong> option available in the index file. It will load the post to<strong> the edit.php<\/strong> file. 
Here is the snippet for the edit.php file.<\/p>\n\n\n\n<pre title=\"edit.php\" class=\"wp-block-code\"><code lang=\"php\" class=\"language-php\">&lt;?php \n    include_once ('.\/master\/header.php');\n    require_once ('.\/DBController.php');\n    require_once ('.\/DataController.php');\n\n    \/\/ load the post only when a post id is present in the query string\n    if ($_SERVER['REQUEST_METHOD'] == \"GET\" &amp;&amp; !empty($_GET['post'])) {\n        $dataCtrl = new DataController;\n        $post = $dataCtrl-&gt;post($_GET['post']);\n    }\n?&gt;\n    &lt;div class=\"row\"&gt;\n        &lt;div class=\"col-xl-12 text-right\"&gt;\n            &lt;a href=\".\/index.php\" class=\"btn btn-primary\"&gt;Back to Post &lt;\/a&gt;\n        &lt;\/div&gt;\n    &lt;\/div&gt;\n\n    &lt;div class=\"row py-5\"&gt;\n        &lt;div class=\"col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12 m-auto\"&gt;\n            &lt;form action=\"DataController.php\" method=\"POST\" id=\"postForm\"&gt;\n            &lt;input type=\"hidden\" name=\"id\" value=\"&lt;?= $post['id'];?&gt;\" \/&gt;\n                &lt;div class=\"card\"&gt;\n                    &lt;div class=\"card-header\"&gt;\n                        &lt;h5 class=\"card-title\"&gt; Update Post &lt;\/h5&gt;\n                    &lt;\/div&gt;\n\n                    &lt;div class=\"card-body\"&gt;\n                        &lt;div class=\"form-group\"&gt;\n                            &lt;label&gt; Title &lt;\/label&gt;\n                            &lt;input type=\"text\" class=\"form-control\" name=\"title\" placeholder=\"Post title\" value=\"&lt;?= stripslashes($post['title'] ?? \"\") ?&gt;\" \/&gt;\n                        &lt;\/div&gt;\n                        &lt;div class=\"form-group\"&gt;\n                            &lt;label&gt; Description &lt;\/label&gt;\n                            &lt;textarea class=\"form-control\" name=\"description\" placeholder=\"Post description\"&gt;&lt;?= stripslashes($post['description'] ?? 
\"\") ?&gt;&lt;\/textarea&gt;\n                        &lt;\/div&gt;\n                    &lt;\/div&gt;\n                    &lt;div class=\"card-footer\"&gt;\n                            &lt;button type=\"submit\" class=\"btn btn-success\" name=\"update\"&gt; Update &lt;\/button&gt;\n                    &lt;\/div&gt;\n                &lt;\/div&gt;\n            &lt;\/form&gt;\n        &lt;\/div&gt;\n    &lt;\/div&gt;\n\n &lt;?php \n    include_once ('.\/master\/footer.php');\n?&gt;<\/code><\/pre>\n\n\n\n<p>This file reads the query string and sends it to the <strong>DataController<\/strong> class. We have already written the function that sanitizes the query string in the controller file.<\/p>\n\n\n\n<p>Check the result and try to update the post.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"505\" src=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-14-03.png?resize=1024%2C505&#038;ssl=1\" alt=\"Edit Post Using Prepared Statement\" class=\"wp-image-6276\" srcset=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-14-03.png?resize=1024%2C505&amp;ssl=1 1024w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-14-03.png?resize=300%2C148&amp;ssl=1 300w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-14-03.png?resize=768%2C378&amp;ssl=1 768w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-14-03.png?w=1230&amp;ssl=1 1230w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><figcaption class=\"wp-element-caption\"><strong>Edit Post Using Prepared Statement<\/strong><\/figcaption><\/figure>\n<\/div>\n\n\n<p>Here, I have updated the description and 
after that, I will click on the update button.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"450\" src=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-14-13.png?resize=1024%2C450&#038;ssl=1\" alt=\"Post Updated Using Prepared Statement in PHP\" class=\"wp-image-6277\" srcset=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-14-13.png?resize=1024%2C450&amp;ssl=1 1024w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-14-13.png?resize=300%2C132&amp;ssl=1 300w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-14-13.png?resize=768%2C338&amp;ssl=1 768w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-14-13.png?w=1290&amp;ssl=1 1290w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><figcaption class=\"wp-element-caption\"><strong>Post Updated Using Prepared Statement in PHP<\/strong><\/figcaption><\/figure>\n<\/div>\n\n\n<p>After updating the post, let me show you the database table. Here, inside the posts table, there are three posts. The noticeable point is the description has a single quote while updating the post. 
In the database, it is stored as an escaped string.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"238\" src=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-14-46.png?resize=1024%2C238&#038;ssl=1\" alt=\"Posts Table Result\" class=\"wp-image-6278\" srcset=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-14-46.png?resize=1024%2C238&amp;ssl=1 1024w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-14-46.png?resize=300%2C70&amp;ssl=1 300w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-14-46.png?resize=768%2C179&amp;ssl=1 768w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-14-46.png?w=1307&amp;ssl=1 1307w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><figcaption class=\"wp-element-caption\"><strong>Posts Table Result<\/strong><\/figcaption><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Delete_Post\"><\/span><strong>Delete Post<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>For deleting the post, we do not need any view (HTML) file. I have added a JavaScript confirm dialog that asks for confirmation before deleting the post. 
The prepared statement for deleting the post is already inside the <strong>DataController.php class.<\/strong><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"433\" src=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-15-29.png?resize=1024%2C433&#038;ssl=1\" alt=\"Delete Post Confirmation Dialog\" class=\"wp-image-6280\" srcset=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-15-29.png?resize=1024%2C433&amp;ssl=1 1024w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-15-29.png?resize=300%2C127&amp;ssl=1 300w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-15-29.png?resize=768%2C325&amp;ssl=1 768w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-15-29.png?w=1287&amp;ssl=1 1287w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><figcaption class=\"wp-element-caption\"><strong>Delete Post Confirmation Dialog<\/strong><\/figcaption><\/figure>\n<\/div>\n\n\n<p>When you confirm, it will delete the post and show you the success message.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"405\" src=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-15-39.png?resize=1024%2C405&#038;ssl=1\" alt=\"Prepared statement delete post response\" class=\"wp-image-6281\" srcset=\"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-15-39.png?resize=1024%2C405&amp;ssl=1 1024w, 
https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-15-39.png?resize=300%2C119&amp;ssl=1 300w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-15-39.png?resize=768%2C303&amp;ssl=1 768w, https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/Screenshot-from-2021-06-12-07-15-39.png?w=1296&amp;ssl=1 1296w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><figcaption class=\"wp-element-caption\"><strong>Post Deleted Success Response<\/strong><\/figcaption><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span><strong>Conclusion<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Finally, we created the PHP CRUD using a <strong>prepared statement<\/strong>. To escape special characters in the inputs, we used the <strong>real_escape_string<\/strong>() function along with <strong>filter_var()<\/strong>. There are other functions available in PHP to sanitize and validate the inputs. I used the object-oriented approach for the CRUD operations. This is a basic demo for enhancing the security level of your PHP code. You can make it clearer and more advanced as per your requirement.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security is a measured challenge while creating an application in PHP. The raw SQL query in PHP can be injected through a malicious function. This may affect your entire functionality. Even you can lose your database or particular table and even any record. 
Due to the SQL injection, the vulnerable code or script can be [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":6283,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[4],"tags":[2096,2098,2093,2097,2094,2088,2095],"yst_prominent_words":[134,1522,1521,32,116,26,105,606],"class_list":{"0":"post-6232","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-php","8":"tag-crud-app","9":"tag-php-8-crud","10":"tag-php-crud","11":"tag-php-object-oriented","12":"tag-prepared-statment-in-php","13":"tag-prevent-sql-injection","14":"tag-sanitize-inputs-in-php","15":"entry"},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/programmingfields.com\/wp-content\/uploads\/2021\/06\/CRUD-using-prepared-statement.png?fit=560%2C315&ssl=1","jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/programmingfields.com\/wp-json\/wp\/v2\/posts\/6232","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/programmingfields.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/programmingfields.com\/wp-json\/wp\/v
2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/programmingfields.com\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/programmingfields.com\/wp-json\/wp\/v2\/comments?post=6232"}],"version-history":[{"count":12,"href":"https:\/\/programmingfields.com\/wp-json\/wp\/v2\/posts\/6232\/revisions"}],"predecessor-version":[{"id":10590,"href":"https:\/\/programmingfields.com\/wp-json\/wp\/v2\/posts\/6232\/revisions\/10590"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/programmingfields.com\/wp-json\/wp\/v2\/media\/6283"}],"wp:attachment":[{"href":"https:\/\/programmingfields.com\/wp-json\/wp\/v2\/media?parent=6232"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/programmingfields.com\/wp-json\/wp\/v2\/categories?post=6232"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/programmingfields.com\/wp-json\/wp\/v2\/tags?post=6232"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https:\/\/programmingfields.com\/wp-json\/wp\/v2\/yst_prominent_words?post=6232"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}