0

I would like to know how to make a text box for the user to type and then create a database named after this input.

<?php
/*
code to connect and make a mysql database named after the user input
*/

?>
<!DOCTYPE HTML>    
<html>
<head>

</head>
<body>
<form action=<?php $_SERVER['PHP_SELF']; ?>>
<input type="text" name="databasename">
<input type="submit" name="submit">
</form>
</body>
</html>
Improve this question
2
  • 3
    Are you sure you don't want to create either a TABLE, or perhaps just a ROW of related data pertaining to that one user? To create an entire database for each user is unusual. Commented Jan 9, 2014 at 22:07
  • 1
    Imagine, 1000+ users, even 100-500 for that matter. I hope you have an automated method to create the code that will go along with the tables, maintenance etc. etc. etc. --- Create relational tables, and not databases. You'll be up to your armpits in work. I sure hope you know what you're getting yourself into. Commented Jan 9, 2014 at 22:15

4 Answers 4

Reset to default
4

It technically depends on the DBMS you use, but just make a SQL query (using MySQL) of "CREATE DATABASE databasename" would do it.

However, unless you're creating a database management tool like PhpMyAdmin, don't do this. You're just asking for users to run amok in your system.

And that's just the basics. I implore you to read the documentation on MySQL

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

You absolutely have to make sure the user's input is useable and not a hacking attempt or a mistake. So, first you check the input, and then if it's okay, you create a database.

This is assuming you add action="post" in the form. I don't like putting inputs into "get" because then your variable's part of the URL, and some people might try to set bookmarks with it there. 

if(isset($_POST['databasename'])) {  //this lets us know the form has posted
   // 1. Check for acceptable name
   $name = $_POST['databasename'];
   $name = strtolower($name);       //all lowercase (makes things easier to deal with)
   $name = preg_replace("/[^a-z]/", '', $name);  //get rid of things that aren't letters

   if($name != '') {
       // 2. Create the database
       $mysqli = new mysqli('localhost', 'my_user', 'my_password');

       if ($mysqli->connect_error) {
           throw new Exception("Connect Error ($mysqli->connect_errno) $mysqli->connect_error");
       }
       $query = "CREATE DATABASE `$name`";
       $mysqli->query($query);
       if($mysqli->errno) {
           throw new Exception("Error creating database: $mysqli->error");
           // I am pretty sure this is enough to catch the error of the database already existing
       }
       echo "Database $name created.";
    } else {
       throw new Exception("Invalid name");
    }
}

If I were you, I would put this in a try-catch to catch the exceptions and handle them.

Improve this answer

4 Comments

This will not take spaces into account $name = preg_replace("/[^a-z]/", '', $name);
This $string = preg_replace("/[^ \w]+/", "", $string); replaces all non-space and non-word characters with nothing
Space is not from a to z, so it excludes spaces right along with everything else. Technically, unquoted MYSQL database names can only have the characters 0-9a-zA-Z$_[] plus some extended unicode (but if you allow $ in your database name, you can't use double quotes on it in PHP). For this reason, using [^ \w] is inadvisable, because it would allow tons of characters that are not allowed unquoted. If you're going to carefully quote your database name every time you use it, then actually, spaces are allowed (except as the last char), along with tons of other things.
You're right for sure. I thought what you had would allow the OP to use a space, which is not recommended. Thanks for the insight, cheers.
0

As you haven't declared a method for your form it defaults to GET. 

$db_name = $_GET['databasename'];

$host="localhost"; 

$user="username"; 
$password="pa55word"; 

$con=mysqli_connect($host,$user,$password);

// Create database
$query="CREATE DATABASE `$db_name`";
if (mysqli_query($con,$query))
  {
  echo "Database created";
  }
else
  {
  echo "Error creating database...";
  }

If the user isn't root though, you need to make sure you have granted the user enough privileges to create a database.

Improve this answer

Comments

0

You can use this method to check if there exists a database with same name and through an error else create it and display created successfuly

<?php
    if(isset($_POST['submit'])){  //check for the submit button pressed
    $dbname=$_POST['db'];     //store the database name in php variable
    $query= mysqli_connect('localhost','root','')or die("Error establishing connection");      //check for database connectivity
    $a="CREATE DATABASE IF NOT EXISTS ".$dbname;    //create a database if it doesn't already exist
    $q= mysqli_query($query, $a) or die("Database already exist.. please try   different name");
    echo "Your database ".$dbname." is successfully created";
    }
    ?>

for the html form refer the code below:-

    <form method="post" action="">
    Enter database name: <input type="text" name="db" /><br/>
    <input type="submit" name="submit" value="submit"/>
    </form>
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.