➕ CREATE Operation - Add New Student

Learn how to insert new data into the database

What is the CREATE Operation?

CREATE (INSERT) is the operation used to add new data to the database. It takes data from a form, validates it, and stores it permanently in the database.

CREATE operations are used whenever you sign up for a service, create a new account, add a new product to an e-commerce store, or post on social media.

SQL Query Used:

INSERT INTO students (name, email, class, status)
VALUES ('John Doe', 'john@example.com', 'A', 'active');

Key Features of CREATE:

  • Adds new records to the database
  • Input validation prevents bad data
  • Prepared statements prevent SQL injection
  • Usually requires user authentication (admin only in this system)

📋 How CREATE Works - Step by Step

1️⃣ User Submits Form

User fills out a form with student information (name, email, class, status)

2️⃣ Server Validates Data

PHP checks: Are all fields filled? Is the email valid? Is there a valid status?

3️⃣ Prepare SQL Statement

Create a prepared statement to prevent SQL injection attacks

4️⃣ Execute INSERT Query

Run the SQL INSERT command to add the new record to the database

5️⃣ Confirm Success

Show success message and clear the form or redirect to list of students

⚠️ This is a Demo Form

The form below shows how a CREATE operation looks and feels. To actually create students in the database, you need to login to the admin panel. This keeps your data safe by requiring authentication.

🎨 Example CREATE Form

Example: John Doe
Example: john@example.com
Example: A, B, C, 10th Grade, etc.

⚠️ This form is disabled (read-only). Login as admin to create real students.

🔐 Login to Create Students

✅ Validation Rules

✔ Name Field

Required, non-empty, max 100 characters

✔ Email Field

Required, must be valid email format (contains @)

✔ Class Field

Required, non-empty, max 50 characters

✔ Status Field

Required, must be 'active' or 'inactive'

🔐 Security Measures

Prepared Statements

We use prepared statements to prevent SQL injection attacks. This separates the SQL query from the data.

$stmt = $conn->prepare('INSERT INTO students (name, email, class, status) VALUES (?, ?, ?, ?)');
$stmt->bind_param('ssss', $name, $email, $class, $status);
$stmt->execute();

Input Validation

All inputs are validated before being stored in the database to ensure data quality.

if (!$name || !$email || !$class || !$status) {
$error = 'All fields are required.';
} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$error = 'Invalid email.';
}

📚 Continue Learning CRUD

Now that you understand the CREATE operation, explore the other operations:

👁️ READ Operation ✏️ UPDATE Operation 🗑️ DELETE Operation 🔐 Login to Try