1

I would like to create a database based on user input if that database doesn't exist. Problem is, I do not understand how to check whether the database exists or not.

Also another question is I wonder if the following code would work:

if (isset($_POST['companyName'])) {
   $companyName = $_POST['companyName'];
}

$query = "
    CREATE DATABASE 'companyName';
       USE 'companyName';
    CREATE TABLE users (
           ID int NOT NULL AUTO_INCREMENT,
           FirstName varchar(255),
           LastName varchar(255),
           user text,
           Password varchar(255),
           Email varchar(255),
           PRIMARY KEY (ID)
   );
";

$result = mysqli_query($conn, $query);

Because basically I typed the whole SQL code in and just query it, would that create any problem?

I'm not really experienced in PHP and MySQL so thank you for paying attention and answer my question in advance!

Improve this question
7
  • The real question here is 'Why?'. insert Ryan Reynolds meme here. But seriously talking, what is the scheme of your system why you want to create a database through user's input? Commented Jul 19, 2016 at 7:48
  • In terms of security, it's probably best to have a database already created and then simply add in the user data, even if it's the first record. Nothing is gained from a user being able to enter data into a web form and then indirectly running SQL code. Commented Jul 19, 2016 at 7:49
  • 1
    how to check : mysql_select_db('your_db_name') or die ('DB NOT FOUND'); Commented Jul 19, 2016 at 7:52
  • I need to have have unique database for each company, and in each company contain its user data. And in the database contain tables for the company. It's a two step sign up form, like they create a company or find their company, then sign up as a user within the company. I'm not sure if that makes sense, tell me if it's not, I will try to explain better, but is there a better way to do that? Commented Jul 19, 2016 at 7:56
  • @RonaldNg Are you try my source xD? Commented Jul 19, 2016 at 8:04

2 Answers 2

Reset to default
1

You can try this

<?php
$servername = 'localhost';
$username = 'root';
$password = 'xxxxx';

$conn = new mysqli($servername, $username, $password);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
// Create database
$sql = "CREATE DATABASE myDB";
if ($conn->query($sql) === TRUE) {
    $conn =  mysqli_connect($servername, $username, $password,'myDB');
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    } 
    $query = "CREATE TABLE users
          (
            ID int NOT NULL AUTO_INCREMENT,
            FirstName varchar(255),
            LastName varchar(255),
            user text,
            Password varchar(255),
            Email varchar(255),
            PRIMARY KEY (ID)
          )";
    if ($conn->query($query) === TRUE) {
        echo "Table users created successfully";
    } else {
        echo "Error creating table: " . $conn->error;
    }
} else {
    echo "Error creating database: " . $conn->error;
}

$conn->close();
?>

My result

enter image description here

But I'm not recommend user can create new database in your sql server.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

You should first filter out the user inputs before putting to use in mysql queries. Use htmlspecialchars(), stripslashes() functions.

Before creating a database you should check if it exists. You can do it by using : CREATE DATABASE IF NOT EXISTS yourdb;

It is not advisable to create db and tables based on user inputs, but in case you have no other option, make sure to filter the user inputs.

Improve this answer

2 Comments

That's what prepared statements with bound parameters are for - as a general rule don't interpolate variables into SQL strings.
What on the Earth htmlspecialchars() and stripslashes() have to do with mysql ?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.