www139 www139 - 5 months ago 8
MySQL Question

how to name a mysql database after user input

I would like to know how to make a text box for the user to type and then create a database named after this input.

<?php
/*
code to connect and make a mysql database named after the user input
*/

?>
<!DOCTYPE HTML>
<html>
<head>

</head>
<body>
<form action=<?php $_SERVER['PHP_SELF']; ?>>
<input type="text" name="databasename">
<input type="submit" name="submit">
</form>
</body>
</html>

Answer

You absolutely have to make sure the user's input is useable and not a hacking attempt or a mistake. So, first you check the input, and then if it's okay, you create a database.

This is assuming you add action="post" in the form. I don't like putting inputs into "get" because then your variable's part of the URL, and some people might try to set bookmarks with it there.

if(isset($_POST['databasename'])) {  //this lets us know the form has posted
   // 1. Check for acceptable name
   $name = $_POST['databasename'];
   $name = strtolower($name);       //all lowercase (makes things easier to deal with)
   $name = preg_replace("/[^a-z]/", '', $name);  //get rid of things that aren't letters

   if($name != '') {
       // 2. Create the database
       $mysqli = new mysqli('localhost', 'my_user', 'my_password');

       if ($mysqli->connect_error) {
           throw new Exception("Connect Error ($mysqli->connect_errno) $mysqli->connect_error");
       }
       $query = "CREATE DATABASE `$name`";
       $mysqli->query($query);
       if($mysqli->errno) {
           throw new Exception("Error creating database: $mysqli->error");
           // I am pretty sure this is enough to catch the error of the database already existing
       }
       echo "Database $name created.";
    } else {
       throw new Exception("Invalid name");
    }
}

If I were you, I would put this in a try-catch to catch the exceptions and handle them.