DEV Community: Michael Isijola

PHP Registration Form Using PDO Prepared Statement

Michael Isijola — Thu, 28 Aug 2025 02:20:27 +0000

Code below code for a better explanation visit our youtube channel at https://www.youtube.com/channel/UCtTjECvLAA5NkyjgVTTC5eQ

<?php 
require_once("pdo_db_conn.php");

if (isset($_POST['form_submit'])) {
    // code...
    $name = $_POST['form_name'];
    $email = $_POST['form_email'];
    $password = $_POST['form_password'];

    //check if email exist

    try{

        $check = $pdo->prepare("SELECT * FROM registration WHERE email = ?");
        $check->execute([$email]);
        if ($check->rowCount()>0) {
            // code...
            echo "<center style='color:red'>Email exist try another</center>";
        }else{

            try{

            $insert = $pdo->prepare("INSERT INTO registration(name,email,password)VALUE(?,?,?)");
            if($insert->execute([$name,$email,$password])){

                echo "<center style='color:green;'>Successful</center>";

            }
        }catch(PDOException $e){

            echo $e->getMessage();


        }

        }

}catch(PDOException $e){

    echo $e->getMessage();

}
}

?>

<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Registration Form</title>
</head>
<body>

    <center>
        <form action="registration.php" method="post">

        <h1>Registration Form!</h1>
        <input type="text" name="form_name" placeholder="Full name" required><br><br>
        <input type="email" name="form_email" placeholder="Email address" required><br><br>
        <input type="password" name="form_password" placeholder="Password" required><br><br>
        <input type="submit" name="form_submit" value="Register">

        </form>
    </center>

</body>
</html>

Connecting to MYSQL database with PDO

Michael Isijola — Thu, 28 Aug 2025 02:18:08 +0000

Before you proceed with this tutorial ensure that your server is PDO_MYSQL driver enabled, you can find this in the php.ini file. Created a PHP file with the name "pdo_db_conn.php" and copy the below code in it: This article breaks down a PHP script responsible for handling a user registration process using PHP Data Objects (PDO), a secure way to interact with a database. The script is designed to: Check if an email is already registered. If not, insert a new user record into the database. Handle exceptions and errors gracefully. Let’s go step by step to understand the purpose and flow of each part. 1. Input and PDO Prepared Statement The code begins by preparing an SQL query using the PDO prepare() method. The purpose of this initial query is to determine whether the email submitted by the user already exists in the registration table. prepare() sets up the SQL query with a placeholder (?) to safely inject the user-supplied email. execute([$email]) executes the prepared query with the provided email value. 2. Email Existence Validation The result of the execution is then validated using: 3. Proceeding with Registration If no matching email is found, the script proceeds to insert the new user details: This prepares an SQL INSERT statement with three placeholders corresponding to the name, email, and password fields. 4. Executing the Insert Query The script attempts to execute the insertion: If the insert is successful, it prints a confirmation message, "Successful". 5. Exception Handling There are two try-catch blocks used to handle exceptions: The inner try-catch handles exceptions that may occur during the insertion phase. The outer try-catch captures errors from the initial email check. In both cases, if a PDOException is caught, the error message is printed: This helps with debugging and alerts developers to potential issues in database operations. Security Considerations Prepared Statements: The use of placeholders (?) with prepare() and execute() protects against SQL injection, a common security threat in web applications. Password Storage: In production, passwords should be hashed before storage using functions like password_hash() instead of storing them in plain text. Error Exposure: Displaying raw exception messages to the user can expose sensitive information. In production, it's better to log the error internally and show a generic message to the user. Conclusion This code snippet demonstrates a basic yet essential pattern for registering users securely with PHP and PDO. It checks for duplicate emails before creating new entries, handles database operations using prepared statements, and includes exception handling to ensure robustness. Troubleshooting There are some common issues when you connect to a MySQL database: If the MySQL driver is not enabled in the php.ini file, you will get the error message: could not find driver If you provide an incorrect password, you get the following error message: SQLSTATE[HY000] [1045] Access denied for user 'root'@'localhost' (using password: YES) If you provide an invalid database name or the database does not exist, you get the following error message: SQLSTATE[HY000] [1049] Unknown database 'dbname' If you provide an invalid database hostname, the following error message will display: SQLSTATE[HY000] [2002] php_network_getaddresses: getaddrinfo failed: No such host is known.

<?php 

$dbhost = "localhost";
$dbname = "database_name";
$dbuser = "database_user";
$dbpass = "database_password";


try{

    $pdo = new PDO("mysql:host=$dbhost;dbname=$dbname", $dbuser, $dbpass);

    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    if($pdo){

        echo "Successful";

    }

}catch(PDOException $e){

echo $e->getMessage();

}

?>

JDBC Utility Class for Managing MySQL Database Connections in Java

Michael Isijola — Thu, 28 Aug 2025 02:15:55 +0000

This Java class DBConnection is a utility class designed to manage a database connection to a MySQL database using JDBC (Java Database Connectivity). This places the class in the com.mickeymuller.util package, indicating it's a utility helper class. These import essential JDBC classes: Connection: Represents a connection to the database. DriverManager: Handles creating connections to a database. SQLException: Exception thrown for database-related errors. This declares a public utility class called DBConnection. These are connection parameters: URL: Full JDBC URL to the local MySQL database mickeymuller_java. USER: MySQL username. PASSWORD: MySQL password. This is a static method, so it can be called without creating an object. It uses DriverManager.getConnection(...) to establish a database connection and returns a Connection object. It throws SQLException if connection fails. You can use this utility class whenever you want to get a connection to the MySQL database in your application. Important Note Don't hard-code your database password ("password") in production. Instead: Use environment variables Use encrypted secrets (e.g., via AWS Secrets Manager, Spring Vault, etc.)

package com.mickeymuller.util;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

public class DBConnection {
    private static final String URL = "jdbc:mysql://localhost:3306/mickeymuller_java?useSSL=false&serverTimezone=UTC&allowPublicKeyRetrieval=true";
    private static final String USER = "root";
    private static final String PASSWORD = "password";

    public static Connection getConnection() throws SQLException {
        return DriverManager.getConnection(URL, USER, PASSWORD);
    }

}
--------------------------------------------------

import java.sql.Connection;
import java.sql.Statement;
import java.sql.ResultSet;
import java.sql.SQLException;
import com.mickeymuller.util.DBConnection;

public class Main {
    public static void main(String[] args) {
        try (Connection conn = DBConnection.getConnection()) {
            System.out.println("✅ Database connected successfully!");

            Statement stmt = conn.createStatement();
            ResultSet rs = stmt.executeQuery("SELECT * FROM users"); // assuming a table named `users`

            while (rs.next()) {
                System.out.println("User ID: " + rs.getInt("id"));
                System.out.println("Username: " + rs.getString("username"));
            }

        } catch (SQLException e) {
            System.err.println("❌ Database connection failed: " + e.getMessage());
        }
    }
}

Java Alert System

Michael Isijola — Sat, 02 Aug 2025 17:42:11 +0000

Overview:

This is a console-based Critical Event Alert System. It allows users to:

Register new alerts with critical severity. 2.View all registered critical alerts.
Exit the application. It integrates security validation, logging, and metrics tracking using modular components.

App.java (Main Class / Entry Point):
Continuously displays a menu for the user:
Option 1: Register a new alert (user inputs a message).
Option 2: View all critical alerts.
Option 3: Exit the program.
Uses:

Scanner
to read user input.
AlertService
to manage alert creation and retrieval.
CSRFTokenValidator
to simulate security check before accepting alert.
LoggingUtil
to log activity.
MetricsPublisher
to simulate tracking metrics (e.g., alert registration count).
AlertService.java (Business Logic Layer):
Stores all alerts in memory.
Allows registering new alerts.
Can retrieve only alerts marked with "CRITICAL" severity.

CSRFTokenValidator.java (Security Utility):
Simple static class that checks if a token equals"
secure-token
".
Used to simulate protection against Cross-Site Request Forgery (CSRF) attacks.
LoggingUtil.java (Observability - Logging): Logs messages to the console with
[LOG]
prefix.
Used to track events like alert registration.
MetricsPublisher.java (Observability - Metrics):
Prints a metric to the console with
[METRIC]
prefix.
Used to simulate publishing a metric when an alert is registered.
Alert.java (Data Model): Represents an alert object with:
A message (e.g. "Disk failure detected"). A severity level (hardcoded to
"CRITICAL�
). Overrides
toString()
to print alert details in format:
[CRITICAL] message
.
Design Highlights: Modular design with clear separation of concerns:
UI/Input:
App.java

Business logic:
AlertService

Security:
CSRFTokenValidator

Observability:
LoggingUtil
,
MetricsPublisher

Data model:
Alert

Good practices used:
Simple CSRF validation simulation.
In-memory alert filtering.
Logging and metric output for observability.
Suitable as a starter project or coding demo for showcasing architecture, observability, and secure design patterns.

-----------   Entry Point     ----------------

package com.mickeymuller;

import java.util.Scanner;

import com.mickeymuller.model.Alert;
import com.mickeymuller.observability.LoggingUtil;
import com.mickeymuller.observability.MetricsPublisher;
import com.mickeymuller.security.CSRFTokenValidator;
import com.mickeymuller.service.AlertService;

public class App {
    public static void main(String[] args) {
        Scanner scanner = new Scanner(System.in);
        AlertService alertService = new AlertService();

        while (true) {
            System.out.println("\n--- Critical Event Alert System ---");
            System.out.println("1. Register New Alert");
            System.out.println("2. Show Critical Alerts");
            System.out.println("3. Exit");
            System.out.print("Enter choice: ");
            int choice = scanner.nextInt();
            scanner.nextLine(); // consume newline

            switch (choice) {
                case 1:
                    handleRegisterAlert(alertService, scanner);
                    break;
                case 2:
                    for (Alert alert : alertService.getCriticalAlerts()) {
                        System.out.println(alert);
                    }
                    break;
                case 3:
                    System.exit(0);
                default:
                    System.out.println("Invalid choice.");
            }
        }
    }

    private static void handleRegisterAlert(AlertService alertService, Scanner scanner) {
        System.out.print("Enter alert message: ");
        String message = scanner.nextLine();
        Alert alert = new Alert(message, "CRITICAL");

        if (CSRFTokenValidator.validate("secure-token")) {
            alertService.registerAlert(alert);
            LoggingUtil.log("Registered new alert: " + message);
            MetricsPublisher.publish("alert.registered");
        } else {
            System.out.println("CSRF validation failed. Alert not registered.");
        }
    }
}

------------- End ----------------

------------- Alert Service ---------

package com.mickeymuller.service;

import java.util.ArrayList;
import java.util.List;

import com.mickeymuller.model.Alert;

public class AlertService {
    private final List<Alert> alerts = new ArrayList<>();

    public void registerAlert(Alert alert) {
        alerts.add(alert);
    }

    public List<Alert> getCriticalAlerts() {
        List<Alert> critical = new ArrayList<>();
        for (Alert alert : alerts) {
            if ("CRITICAL".equals(alert.getSeverity())) {
                critical.add(alert);
            }
        }
        return critical;
    }
}
------------- End --------------------

------------ Token Validator -----------
package com.mickeymuller.security;

public class CSRFTokenValidator {
    public static boolean validate(String token) {
        // Simulate token check
        return "secure-token".equals(token);
    }
} 

--------- End ----------------

--------- Logging Util---------

package com.mickeymuller.observability;

public class LoggingUtil {
    public static void log(String message) {
        System.out.println("[LOG] " + message);
    }
}

----------- End ----------

--------  Metric Publisher -------

package com.mickeymuller.observability;

public class MetricsPublisher {
    public static void publish(String metric) {
        System.out.println("[METRIC] Published: " + metric);
    }
}

----------- End --------------

------------ Model -------------

package com.mickeymuller.model;

public class Alert {
    private String message;
    private String severity;

    public Alert(String message, String severity) {
        this.message = message;
        this.severity = severity;
    }

    public String getMessage() {
        return message;
    }

    public String getSeverity() {
        return severity;
    }

    @Override
    public String toString() {
        return "[" + severity + "] " + message;
    }
}

CI/CD Pipeline for Secure Java Alert System with Docker & GitHub Actions

Michael Isijola — Sat, 02 Aug 2025 17:40:15 +0000

This setup defines a CI/CD pipeline and containerization strategy for the Critical Alert System, a Java-based backend application. It is composed of three key components: 1. Dockerfile
A multi-stage Docker build:
Stage 1 (Builder Stage):
Uses a Maven image (maven:3.9.5-eclipse-temurin-17) to build the project. It compiles the Java code and packages it into a JAR file using mvn clean package -DskipTests.
Stage 2 (Runtime Stage): Uses a lightweight JDK image (eclipse-temurin:17-jdk) to run the built JAR file. This reduces the final image size for deployment.

.dockerignore Optimizes the Docker context by excluding unnecessary files and folders, such as: The entire target/ directory except the final JAR. Git-related files, IDE configs (.idea/), and project metadata (*.iml, README.md, etc.).
.github/workflows/critical-alert-ci.yml This GitHub Actions workflow automates the CI/CD process: Triggers: On push or pull_request to the main branch. Environment Setup: Checks out the code. Sets up Java 17 using the temurin distribution. Builds and verifies the project using Maven. Docker Integration: Logs into GitHub Container Registry (GHCR) securely. Builds the Docker image. Pushes the image to GHCR. (Optional) Deployment: A placeholder for automated deployment on merges to main. Purpose & Benefits: Ensures consistent builds, security validation, and automated deployments. Promotes DevOps best practices: Immutable Docker builds, CI/CD automation, secure token handling, and streamlined container publishing.

Dockerfile



 # First stage: build the JAR

FROM maven:3.9.5-eclipse-temurin-17 AS builder

WORKDIR /app

COPY pom.xml .

COPY src ./src

RUN mvn clean package -DskipTests



# Second stage: run the app

FROM eclipse-temurin:17-jdk

WORKDIR /app

COPY --from=builder /app/target/critical-alert-system-*.jar app.jar

ENTRYPOINT ["java", "-jar", "app.jar"].      

-------------------------------------------------------

.dockerignore



 # Ignore everything in target except the final JAR

target/*

!target/critical-alert-system-*.jar



# General exclusions

.git/

.gitignore

README.md

Dockerfile

*.iml

.idea/.   



---------------------------------------------------------------------------

.github/workflows/critical-alert-ci.yml





 name: CI/CD - Critical Alert Systems



on:

  push:

    branches: [ "main" ]

  pull_request:

    branches: [ "main" ]



env:

  IMAGE_NAME: ghcr.io/${{ github.repository }}:latest



jobs:

  build-test-docker:

    runs-on: ubuntu-latest



    steps:

      - name: Checkout code

        uses: actions/checkout@v3



      - name: Set up Java 17

        uses: actions/setup-java@v3

        with:

          java-version: '17'

          distribution: 'temurin'



      - name: Build with Maven

        run: mvn clean verify



      - name: Log in to GHCR

        run: echo "${{ secrets.GHCR_PAT }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin





      - name: Set lowercase image name

        id: vars

        run: echo "IMAGE_NAME=ghcr.io/$(echo '${{ github.repository }}' | tr '[:upper:]' '[:lower:]'):latest" >> $GITHUB_ENV



      - name: Build Docker image

        run: docker build -t $IMAGE_NAME .



      - name: Push Docker image to GHCR

        run: docker push $IMAGE_NAME



      - name: Deploy (optional)

        if: github.ref == 'refs/heads/main'

        run: echo "Deploying to production"