Files from 25-03-26 and added missing Files

Zweites Jahr/unterrichts_projekt/inc/db_connection_data.php

@@ -3,7 +3,7 @@
 
 
 $db_engine ="mysql";
-$db_name = "E2FI1_2025";
+$db_name = "portal_e2fi1_2026";
 $db_host = "localhost";
 $db_user = "phpmyadmin";
 $db_password = "server";

Zweites Jahr/unterrichts_projekt/pdo_test_ok.php

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Entry succeded</title>
+</head>
+<body>
+    <h1>PDO Testset</h1>  
+    <h2>Thank You Landing Page</h2>  
+    <p>Thank You, you succeded!</p>     
+    <p><a href = "pdo_test_form.php">Another Entry?</a></p>
+</body>
+</html>

Zweites Jahr/unterrichts_projekt/pdo_test_prepared.php

@@ -0,0 +1,138 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>PDO-Test</title>
+</head>
+<body>
+<?php
+// pdo_test.php
+require_once "inc/db_connection_function.php";
+
+// establish db connection
+$dbh = db_connect();
+
+
+// get data from form fields: 
+// SQL-Injection-Angriff verhindern durch quote()
+
+// $u_firstname = $dbh->quote($_REQUEST['firstname']);
+// $u_lastname = $dbh->quote($_REQUEST['lastname']);
+// $u_email = $dbh->quote($_REQUEST['email']);
+ 
+// SQL-Injection-Angriff (in letztes Feld eingeben) 
+// ');DELETE FROM user WHERE (u_email LIKE '%
+
+// Insert new record into db    
+
+/* Prepared Statements senden SQL-Befehl und Daten in zwei getrennten Schritten an die Datenbank:
+
+Prepare: Die Query-Struktur wird festgelegt und kompiliert.
+Execute: Die Werte werden separat eingesetzt – nur noch als Daten, nie als SQL-Code.
+
+Da die Struktur schon vor dem Einsetzen der Werte feststeht, 
+kann eine Benutzereingabe die Logik der Query nicht mehr verändern.*/
+
+$stmt = $dbh->prepare(
+    "   
+       INSERT INTO user VALUES (
+           NULL,
+           :input_1,
+           :input_2,
+           :input_3
+   );"
+);
+
+// bind with pindParam 
+
+// $stmt->bindParam(":input_1",$_REQUEST['firstname']);
+// $stmt->bindParam(":input_2",$_REQUEST['lastname']);
+// $stmt->bindParam(":input_3",$_REQUEST['email']);
+
+
+ // bind with associative array
+
+ $input = [
+    ":input_1" => $_REQUEST['firstname'],
+    ":input_2" => $_REQUEST['lastname'],
+    ":input_3" => $_REQUEST['email']
+];
+
+
+
+try {
+    //if bound with pindParam
+    // $stmt->execute();  
+    // if bind with associative array
+    $stmt->execute($input);
+    // echo "<p>Insert succeded!</p>";   
+    header('location:pdo_test_ok.php');
+    // Weiterleitung
+}
+catch(PDOException $e) {
+    $errMsg = $e->getMessage();
+    $errCode = $e->getCode(); 
+    // echo "<p>Error-Message: $errMsg <br>"; 
+    // echo "Error-Code: $errCode </p>";  
+    
+    switch($errCode) {
+        case "23000": $custErrMsg = "<p>Email-Adress already exists!</p>"; break;
+        default: $custErrMsg = "<p>Oooops, something went wrong!</p>";
+    }
+    echo $custErrMsg;
+}
+
+
+
+// #######################################################
+
+// Read records form db  
+    
+// result consists of multiple rows and columns
+/* In der Regel auch hier mit Try-Catch-Block */
+
+    
+$sql = "SELECT * FROM user";
+// $res = $dbh->query($sql);
+$res = $dbh->query($sql)->fetchAll(); // Converts result set into Array (multi-dim)
+/* 
+echo "<pre>";
+print_r($res);
+echo "</pre>";
+*/
+
+foreach($res as $row) {
+    echo "$row[0] | $row[1] | $row[2] | $row[3]<br>";
+}
+     
+
+// result consists of one row and multiple columns
+$sql = "SELECT * FROM user WHERE u_id = 24";
+$res = $dbh->query($sql)->fetch();
+/*
+echo "<pre>";
+print_r($res);
+echo "</pre>";
+*/
+echo "<p>Searching User ID 24:<br>";
+if($res) {
+    echo "User found: $row[1] $row[2]</p>";
+}
+else {
+    echo "No User found</p>";
+}
+
+// result represents one cell
+$sql = "SELECT u_firstname FROM user WHERE u_id = 24";
+$firstname = $dbh->query($sql)->fetchColumn();
+
+echo "<p>Searching First Name of User ID 24:<br>";
+echo "First Name of User found: $firstname </p>";
+
+
+?>
+<p><a href = "pdo_test_form.php">Try again!</a></p>
+    
+</body>
+</html>

Zweites Jahr/unterrichts_projekt/portal/register.php

@@ -0,0 +1,49 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Portal: Registrieren</title>
+</head>
+<body>
+    <h2>Registrieren</h2>
+    <form>
+        <label>E-Mail: <input name="email"></label><br>
+        <label>Passwort: <input type="password" name="pw" > </label>
+        <button type="submit">Registrieren</button>
+    </form>
+</body>
+</html>
+<?php 
+require_once '../inc/db_connection_function.php';
+$dbh = db_connect();
+$errors = '';
+
+if(!empty($_REQUEST)) { // Button wurde gedrückt?
+    if($_REQUEST['email'] != '' AND $_REQUEST['pw'] != ''){ // Alle Felder gedrückt?
+        $email = $_REQUEST['email'];
+        $pw = $_REQUEST['pw'];
+
+        $query = "INSERT INTO user VALUES (NULL, :email, :pw)";
+        $stmt = $dbh->prepare($query);
+
+        $stmt->bindParam(':email', $email);
+        $stmt->bindParam(':pw', $pw);
+
+        try {
+            $stmt->execute();
+        } catch(PDOException $e){
+            $errMsg = $e->getMessage();
+            $errCode = $e->getCode();
+
+            switch($errCode) {
+                case "23000": $custErrMsg = "<p>Email-Adress already exists!</p>"; break;
+                default: $custErrMsg = "<p>Oooops, something went wrong!</p>";
+            }
+            echo $custErrMsg;
+        }
+    }
+
+}
+
+if ($errors != "") echo $errors;