-5

Am a newbie in PHP and MySQL, how can I create a database with a phone number being the database name? The phone number is in the format of +256720742675. I have tried the code below but keeps on trowing an error.

<?php

$database= $_POST[PhoneNumberTextBox];

//check for MySQL server connection

$connection = mysql_connect("localhost","root","");

if (!$connection)
{
die('Could not connect to database: ' . mysql_error());
}
//Create database 

$sql= "CREATE DATABASE $database";


if(!mysql_query($sql,$connection))
{

die('Could not create database'.mysql_error());

}
else

echo"Database Created<br\>";

//Close connection

mysql_close($connection);

?>
sammyukavi
  • 1,501
  • 2
  • 23
  • 51
  • 6
    This doesn't make sense. Why would you want to do this? Database names should be static. – Pekka Nov 17 '11 at 10:03
  • 5
    You need to read up on database design. Creating an entire database for every telephone number your site receives is something you REALLY do not want to do. – Rory McCrossan Nov 17 '11 at 10:03
  • Obviously SQL standards dicatate that table names Begin with a-z,A-Z or _ and contain only chars a-z,A-Z,0-9 and _. So any table name starting with a plus or a number is invalid. But this idea is just plain weird -- like buying an electric power tool and using it as a hammer. – James Anderson Nov 17 '11 at 10:20
  • 1
    Why the massive amount of downvotes this isn't a bad question _per se_ – Jim Nov 17 '11 at 10:52

3 Answers3

4

don't know where to begin... From:

  • You should not use root database user in your php file or,
  • You should not create databases from your _POST requests

I can see so many bad things happening...

samura
  • 4,375
  • 1
  • 19
  • 26
  • Well, if it's just a local playground thing on a XAMPP installation, I don't think using root is that terrible. Still, you're right of course in general. You can add SQL injection to your list btw – Pekka Nov 17 '11 at 10:13
3

First of all it doesnt sound right to create a table for each number.

Starting a database name with a number is not allowed. If you insist though, try prepending a letter to it.

For Example: N256720742675

Omtara
  • 2,911
  • 2
  • 19
  • 31
  • +1 for this answer, including the "your design sounds suspect" note. – Fenton Nov 17 '11 at 10:07
  • @Col so what? If the OP insists on doing it the wrong way, let them do it. You can't stop them anyway. What exactly is wrong about this answer? – Pekka Nov 17 '11 at 10:12
  • @Pekka, what's wrong with the answer is that it does not solve anything for the OP, it just leads him/her further down a road to nowhere. – Johan Nov 17 '11 at 11:00
  • @Johan yeah, on second thought, I tend to agree. – Pekka Nov 17 '11 at 11:01
  • I agree as well :)... My post tells the OP that he is heading the wrong direction and provides a solution afterwards. – Omtara Nov 17 '11 at 12:00
3

The answer is to store telephone numbers in a field. Not create a new database per telephone number:

Create a table like this:

create table phonenumbers (
  phone varchar(20) not null primary key,
  related_field1 
  ......
  related_field25

Now you can use code like this: 

$conn = mysql_connect("localhost","named_user","long_password_with_entropy"); 
$phone = mysql_real_escape_string($_POST['PhoneNumberTextBox']);
$sql = "INSERT INTO phonenumbers (phone, field1, field2, field3) 
        VALUES ('$phone','1','2','3') ";
//The quotes    ^      ^  are essential !

Now you're storing stuff in a database in a way that enables them to be retrieved.

And you can select all your data per phonenumber like this: 

SELECT p.*, c.*
FROM phonenumbers p
LEFT JOIN calls c ON (c.phonenumber = p.phone)
WHERE p.phone = '$phone';

Hard rules

  1. Set a strong password on your user account.
  2. Don't log in with root.
  3. Escape all $_* super globals using mysql_real_escape_string. (Or even better: use PDO).

See: How does the SQL injection from the "Bobby Tables" XKCD comic work?
See this tutorial about mysql and php: http://www.tizag.com/mysqlTutorial/
It's one of the few that get this topic right.

Community
  • 1
  • 1
Johan
  • 74,508
  • 24
  • 191
  • 319