May 10, 2026

PHP PDO CRUD System Tutorial 2026 — How to Build a CRUD System with PHP PDO and MySQL

Learn how to build a PHP PDO CRUD system using PHP, MySQL and Bootstrap: a CRUD system that adds, displays, edits, updates and deletes data securely.

What Is a PHP PDO CRUD System?

A PHP PDO CRUD system is an application for managing data in a database.

CRUD stands for:

Create — add data
Read — display data
Update — change data
Delete — delete data

For more tutorials:
https://faulink.com

STEP 1 — Create the Database

CREATE DATABASE php_pdo_crud;

USE php_pdo_crud;

STEP 2 — Create the Table

CREATE TABLE students (
id INT AUTO_INCREMENT PRIMARY KEY,
full_name VARCHAR(150) NOT NULL,
gender ENUM('Male','Female') NOT NULL,
phone VARCHAR(30),
email VARCHAR(150),
class_name VARCHAR(100),
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

STEP 3 — Database Connection

config.php

<?php
if (session_status() === PHP_SESSION_NONE) {
session_start();
}

$host = "localhost";
$dbname = "php_pdo_crud";
$user = "root";
$pass = "";

try {
$pdo = new PDO(
"mysql:host=$host;dbname=$dbname;charset=utf8mb4",
$user,
$pass,
[
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
]
);
} catch (PDOException $e) {
die("Database Connection Failed");
}

// Escape a value for safe output inside HTML.
function clean($data) {
return htmlspecialchars(trim((string)$data), ENT_QUOTES, 'UTF-8');
}
?>

STEP 4 — Add Student

<?php
require_once 'config.php';

$message = '';

if (isset($_POST['save_student'])) {
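// Store the trimmed raw text; clean() escapes it once, when the page is rendered.
// Escaping here as well would double-encode characters such as & and '.
$full_name = trim($_POST['full_name'] ?? '');
$gender = trim($_POST['gender'] ?? '');
$phone = trim($_POST['phone'] ?? '');
$email = trim($_POST['email'] ?? '');
$class_name = trim($_POST['class_name'] ?? '');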

if ($full_name == '' || $gender == '') {
$message = "Please fill required fields.";
} elseif ($email != '' && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
$message = "Invalid email address.";
} else {
$stmt = $pdo->prepare("
INSERT INTO students
(full_name, gender, phone, email, class_name)
VALUES (?, ?, ?, ?, ?)
");

$stmt->execute([
$full_name,
$gender,
$phone,
$email,
$class_name
]);

$message = "Student saved successfully.";
}
}
?>

STEP 5 — Add Form

<form method="POST">
<input type="text" name="full_name" placeholder="Full Name" required>

<select name="gender" required>
<option value="">Select Gender</option>
<option value="Male">Male</option>
<option value="Female">Female</option>
</select>

<input type="text" name="phone" placeholder="Phone">

<input type="email" name="email" placeholder="Email">

<input type="text" name="class_name" placeholder="Class">

<button type="submit" name="save_student">
Save Student
</button>
</form>

STEP 6 — Read Data

$students = $pdo->query("
SELECT *
FROM students
ORDER BY id DESC
")->fetchAll();

STEP 7 — Display Data Table

<table border="1" cellpadding="8">
<thead>
<tr>
<th>#</th>
<th>Full Name</th>
<th>Gender</th>
<th>Phone</th>
<th>Email</th>
<th>Class</th>
<th>Created</th>
</tr>
</thead>

<tbody>
<?php foreach ($students as $i => $student): ?>
<tr>
<td><?= $i + 1; ?></td>
<td><?= clean($student['full_name']); ?></td>
<td><?= clean($student['gender']); ?></td>
<td><?= clean($student['phone']); ?></td>
<td><?= clean($student['email']); ?></td>
<td><?= clean($student['class_name']); ?></td>
<td><?= clean($student['created_at']); ?></td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
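
Steps 4 to 7 as one runnable script, added here as an illustration and not part of the original tutorial: input is validated on the server (including the gender ENUM values, which the select element alone does not enforce), bound through a prepared statement as raw text, and HTML-escaped only when rendered. Assumptions: validateStudent() is a hypothetical helper, the sample submissions are constructed, and an in-memory SQLite database (pdo_sqlite, plus mbstring for mb_strlen) stands in for MySQL so the script runs without a server.

```php
<?php
// Added example, not the tutorial's code. Assumption: in-memory SQLite stands in for MySQL.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE students (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    full_name TEXT NOT NULL, gender TEXT NOT NULL, email TEXT)');

// Hypothetical helper: returns [trimmed values, list of error messages].
function validateStudent(array $in): array
{
    $v = [];
    foreach (['full_name', 'gender', 'email'] as $field) {
        $v[$field] = trim((string)($in[$field] ?? ''));
    }
    $errors = [];
    if ($v['full_name'] === '' || mb_strlen($v['full_name']) > 150) {
        $errors[] = 'Full name is required (max 150 characters).';
    }
    // The <select> only constrains browsers; enforce the ENUM values here too.
    if (!in_array($v['gender'], ['Male', 'Female'], true)) {
        $errors[] = 'Gender must be Male or Female.';
    }
    if ($v['email'] !== '' && !filter_var($v['email'], FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'Invalid email address.';
    }
    return [$v, $errors];
}

// Constructed sample submissions: one valid, one that fails two checks.
$samples = [
    ['full_name' => "Neema O'Brien & Sons <Form 2>", 'gender' => 'Female', 'email' => 'neema@example.com'],
    ['full_name' => 'Juma', 'gender' => 'Other', 'email' => 'not-an-email'],
];
$insert = $pdo->prepare('INSERT INTO students (full_name, gender, email) VALUES (?, ?, ?)');
foreach ($samples as $post) {
    [$v, $errors] = validateStudent($post);
    if ($errors) {
        echo 'Rejected: ' . implode(' ', $errors) . PHP_EOL;
        continue;
    }
    $insert->execute([$v['full_name'], $v['gender'], $v['email']]);
}
foreach ($pdo->query('SELECT full_name FROM students') as $row) {
    echo 'Stored:   ' . $row['full_name'] . PHP_EOL; // raw text, exactly as submitted
    echo 'Rendered: ' . htmlspecialchars($row['full_name'], ENT_QUOTES, 'UTF-8') . PHP_EOL;
}
```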

STEP 8 — Edit Student

$editStudent = null;

if (isset($_GET['edit'])) {
$id = (int)$_GET['edit'];

$stmt = $pdo->prepare("
SELECT *
FROM students
WHERE id = ?
");
$stmt->execute([$id]);

$editStudent = $stmt->fetch();
}

STEP 9 — Update Student

if (isset($_POST['update_student'])) {
$id = (int)($_POST['id'] ?? 0);

// Store the trimmed raw text; clean() escapes it once, when the page is rendered.
$full_name = trim($_POST['full_name'] ?? '');
$gender = trim($_POST['gender'] ?? '');
$phone = trim($_POST['phone'] ?? '');
$email = trim($_POST['email'] ?? '');
$class_name = trim($_POST['class_name'] ?? '');

if ($full_name == '' || $gender == '') {
$message = "Please fill required fields.";
} elseif ($email != '' && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
$message = "Invalid email address.";
} else {
$stmt = $pdo->prepare("
UPDATE students SET
full_name = ?,
gender = ?,
phone = ?,
email = ?,
class_name = ?
WHERE id = ?
");

$stmt->execute([
$full_name,
$gender,
$phone,
$email,
$class_name,
$id
]);

$message = "Student updated successfully.";
}
}

STEP 10 — Delete Student

if (isset($_POST['delete_student'])) {
$id = (int)($_POST['id'] ?? 0);

$stmt = $pdo->prepare("
DELETE FROM students
WHERE id = ?
");

$stmt->execute([$id]);

$message = "Student deleted successfully.";
}

STEP 11 — CSRF Protection

if (empty($_SESSION['csrf_token'])) {
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

function checkCsrf() {
if (
empty($_POST['csrf_token']) ||
empty($_SESSION['csrf_token']) ||
!hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])
) {
die("Invalid security token.");
}
}

In the form:

<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token']; ?>">

STEP 12 — Bootstrap CRUD Layout

<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">

<div class="container py-4">
<div class="card shadow-sm border-0 rounded-4">
<div class="card-body">
<h3 class="mb-3">PHP PDO CRUD System</h3>

<form method="POST" class="row g-3">
<div class="col-md-6">
<input type="text" name="full_name" class="form-control" placeholder="Full Name" required>
</div>

<div class="col-md-6">
<select name="gender" class="form-select" required>
<option value="">Select Gender</option>
<option value="Male">Male</option>
<option value="Female">Female</option>
</select>
</div>

<div class="col-md-4">
<input type="text" name="phone" class="form-control" placeholder="Phone">
</div>

<div class="col-md-4">
<input type="email" name="email" class="form-control" placeholder="Email">
</div>

<div class="col-md-4">
<input type="text" name="class_name" class="form-control" placeholder="Class">
</div>

<div class="col-12">
<button type="submit" name="save_student" class="btn btn-success">
Save Student
</button>
</div>
</form>
</div>
</div>
</div>

STEP 13 — Full CRUD Page Example

students.php

<?php
require_once 'config.php';

$message = '';
$editStudent = null;

if (empty($_SESSION['csrf_token'])) {
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

function checkCsrf() {
if (
empty($_POST['csrf_token']) ||
empty($_SESSION['csrf_token']) ||
!hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])
) {
die("Invalid security token.");
}
}

if (isset($_POST['save_student'])) {
checkCsrf();

// Store the trimmed raw text; clean() escapes it once, when the page is rendered.
$full_name = trim($_POST['full_name'] ?? '');
$gender = trim($_POST['gender'] ?? '');
$phone = trim($_POST['phone'] ?? '');
$email = trim($_POST['email'] ?? '');
$class_name = trim($_POST['class_name'] ?? '');

if ($full_name == '' || $gender == '') {
$message = "Please fill required fields.";
} elseif ($email != '' && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
$message = "Invalid email address.";
} else {
$stmt = $pdo->prepare("
INSERT INTO students
(full_name, gender, phone, email, class_name)
VALUES (?, ?, ?, ?, ?)
");

$stmt->execute([
$full_name,
$gender,
$phone,
$email,
$class_name
]);

$message = "Student saved successfully.";
}
}

if (isset($_POST['update_student'])) {
checkCsrf();

$id = (int)($_POST['id'] ?? 0);
// Store the trimmed raw text; clean() escapes it once, when the page is rendered.
$full_name = trim($_POST['full_name'] ?? '');
$gender = trim($_POST['gender'] ?? '');
$phone = trim($_POST['phone'] ?? '');
$email = trim($_POST['email'] ?? '');
$class_name = trim($_POST['class_name'] ?? '');

if ($full_name == '' || $gender == '') {
$message = "Please fill required fields.";
} elseif ($email != '' && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
$message = "Invalid email address.";
} else {
$stmt = $pdo->prepare("
UPDATE students SET
full_name = ?,
gender = ?,
phone = ?,
email = ?,
class_name = ?
WHERE id = ?
");

$stmt->execute([
$full_name,
$gender,
$phone,
$email,
$class_name,
$id
]);

$message = "Student updated successfully.";
}
}

if (isset($_POST['delete_student'])) {
checkCsrf();

$id = (int)($_POST['id'] ?? 0);

$stmt = $pdo->prepare("
DELETE FROM students
WHERE id = ?
");

$stmt->execute([$id]);

$message = "Student deleted successfully.";
}

if (isset($_GET['edit'])) {
$id = (int)$_GET['edit'];

$stmt = $pdo->prepare("
SELECT *
FROM students
WHERE id = ?
");
$stmt->execute([$id]);

$editStudent = $stmt->fetch();
}

$students = $pdo->query("
SELECT *
FROM students
ORDER BY id DESC
")->fetchAll();
?>

<!DOCTYPE html>
<html>
<head>
<title>PHP PDO CRUD System</title>

<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
</head>

<body class="bg-light">

<div class="container py-4">

<div class="card shadow-sm border-0 rounded-4 mb-4">
<div class="card-body">
<h3 class="mb-3">
<?= $editStudent ? 'Edit Student' : 'Add Student'; ?>
</h3>

<?php if ($message): ?>
<div class="alert alert-info">
<?= clean($message); ?>
</div>
<?php endif; ?>

<form method="POST" class="row g-3">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token']; ?>">

<?php if ($editStudent): ?>
<input type="hidden" name="id" value="<?= (int)$editStudent['id']; ?>">
<?php endif; ?>

<div class="col-md-6">
<input type="text"
name="full_name"
class="form-control"
placeholder="Full Name"
required
value="<?= clean($editStudent['full_name'] ?? ''); ?>">
</div>

<div class="col-md-6">
<select name="gender" class="form-select" required>
<option value="">Select Gender</option>

<option value="Male" <?= (($editStudent['gender'] ?? '') == 'Male') ? 'selected' : ''; ?>>
Male
</option>

<option value="Female" <?= (($editStudent['gender'] ?? '') == 'Female') ? 'selected' : ''; ?>>
Female
</option>
</select>
</div>

<div class="col-md-4">
<input type="text"
name="phone"
class="form-control"
placeholder="Phone"
value="<?= clean($editStudent['phone'] ?? ''); ?>">
</div>

<div class="col-md-4">
<input type="email"
name="email"
class="form-control"
placeholder="Email"
value="<?= clean($editStudent['email'] ?? ''); ?>">
</div>

<div class="col-md-4">
<input type="text"
name="class_name"
class="form-control"
placeholder="Class"
value="<?= clean($editStudent['class_name'] ?? ''); ?>">
</div>

<div class="col-12">
<?php if ($editStudent): ?>
<button type="submit" name="update_student" class="btn btn-success">
Update Student
</button>

<a href="students.php" class="btn btn-secondary">
Cancel
</a>
<?php else: ?>
<button type="submit" name="save_student" class="btn btn-success">
Save Student
</button>
<?php endif; ?>
</div>
</form>
</div>
</div>

<div class="card shadow-sm border-0 rounded-4">
<div class="card-body">
<h4 class="mb-3">Students List</h4>

<div class="table-responsive">
<table class="table table-bordered table-hover align-middle">
<thead class="table-dark">
<tr>
<th>#</th>
<th>Full Name</th>
<th>Gender</th>
<th>Phone</th>
<th>Email</th>
<th>Class</th>
<th>Created</th>
<th>Action</th>
</tr>
</thead>

<tbody>
<?php if ($students): ?>
<?php foreach ($students as $i => $student): ?>
<tr>
<td><?= $i + 1; ?></td>
<td><?= clean($student['full_name']); ?></td>
<td><?= clean($student['gender']); ?></td>
<td><?= clean($student['phone']); ?></td>
<td><?= clean($student['email']); ?></td>
<td><?= clean($student['class_name']); ?></td>
<td><?= clean($student['created_at']); ?></td>
<td>
<a href="students.php?edit=<?= (int)$student['id']; ?>"
class="btn btn-sm btn-primary">
Edit
</a>

<form method="POST"
style="display:inline;"
onsubmit="return confirm('Delete this record?')">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token']; ?>">
<input type="hidden" name="id" value="<?= (int)$student['id']; ?>">

<button type="submit"
name="delete_student"
class="btn btn-sm btn-danger">
Delete
</button>
</form>
</td>
</tr>
<?php endforeach; ?>
<?php else: ?>
<tr>
<td colspan="8" class="text-center text-muted">
No records found.
</td>
</tr>
<?php endif; ?>
</tbody>
</table>
</div>

</div>
</div>

</div>

</body>
</html>

Features of the PHP PDO CRUD System

Add data
View data
Edit data
Update data
Delete data
PDO prepared statements
CSRF protection
Input validation
Bootstrap layout
Responsive table
Secure output

Where Can This System Be Used?

School Management System
Accounting System
Farm Management System
Hospital System
POS System
Inventory System
Payroll System
Admin Dashboard

Benefits of the PHP PDO CRUD System

Secure Database Operations

PDO prepared statements protect against SQL injection, because values are passed as bound parameters instead of being concatenated into the SQL string.

Easy Data Management

You can add, view, change and delete data easily.

Professional Layout

Bootstrap makes the system look good and responsive.

Easy Customization

You can change the table from students to products, customers, workers or payments.

Conclusion

A PHP PDO CRUD system is an essential foundation for any PHP developer.

Using PHP PDO, MySQL, Bootstrap, CSRF protection and prepared statements, you can build a secure and professional CRUD system.
