A curated collection of full-stack web applications built with pure PHP, MySQLi, HTML, and CSS. Every project uses sessions for state management and relational database tables to reflect real-world data design. No PDO. No frameworks. Raw, honest server-side development.
A complete library cataloguing and borrowing platform where librarians manage book inventory, register members, and track the full lifecycle of each borrowing transaction — from checkout through return with fine calculation for overdue items.
The system has two distinct user roles stored in the session: librarian (admin) and member. When a librarian logs in, the session stores their role, enabling access to administrative panels for adding or editing books and registering members. Members can browse the catalogue, search by author or category, and request borrowing through a session-held reservation queue.
Multi-role session management, complex JOIN queries across three tables at once, and real-world date/time calculations — skills directly applicable to any transactional web application.
A clinical workflow application where patients book appointments with specific doctors, and doctors access patient histories, log diagnoses, and prescribe medications — all with department-level access control enforced through sessions.
Upon login, the session stores the user's role (patient, doctor, admin) and their ID. A patient's dashboard shows only their appointments and records, because every SQL query filters by the session's patient_id. A doctor sees only appointments assigned to them. An admin sees the full hospital overview and manages departments and doctor assignments.
Building deeply relational schemas, implementing a status-driven workflow, and writing JOIN queries that traverse four or more tables — a critical skill for enterprise application development.
A functional online shop where users browse products by category, add items to a session-based shopping cart, place orders with payment status tracking, and leave reviews — while admins manage inventory and order fulfilment.
The shopping cart is stored entirely in the PHP session as an associative array of product_id → quantity. This allows guest browsing and carting without a database write. On checkout, the session cart is converted into a permanent order record, order_items rows are inserted for each line item, and the session cart is cleared. Stock levels in the products table are decremented atomically.
Why temporary data belongs in sessions and permanent data in the database, and how to atomically convert one into the other — a pattern used in virtually every transactional web system.
An academic grading platform where teachers enter marks for each subject, the system auto-calculates GPA, generates printable report cards, and students log in to view their academic history across semesters.
The active semester is saved in the session when a teacher selects it, so all subsequent grade-entry forms are automatically scoped to that semester without requiring an extra dropdown each time. Students log in and see a dashboard that uses GROUP BY on their grades to compute per-subject averages and a cumulative GPA, displayed in a formatted transcript layout.
Aggregate SQL functions (AVG, COUNT, SUM, GROUP BY) and how using enrollment as an intermediate entity prevents data integrity problems — a fundamental normalisation concept.
A human resources platform that manages employee salary records, monthly payroll generation, leave requests with approval workflows, and department-level reporting — covering core HR operations within a single application.
Employees submit multi-day leave requests. The session holds the partially-filled leave form across multiple pages, preventing loss if the user navigates away. HR admins see a pending-approvals queue and can approve or reject with a reason. On approval, the employee's leave_balance is decremented via PHP calculation before the database update.
Self-referencing foreign keys, multi-step session-based forms, and approval workflow state machines — including transactional query concepts ensuring payroll records are never partially written.
A secure digital voting platform where administrators create election campaigns with candidates, registered voters cast a single authenticated vote, and results are tallied in real-time with visual percentage breakdowns.
Before rendering the voting form, PHP checks both the database (has a vote record with this voter_id and election_id already been inserted?) and the session (was this vote recorded during the current session?). This dual-layer check prevents database-level duplicate votes and form resubmission attacks. The results page runs a COUNT grouped by candidate_id and calculates each candidate's vote percentage in PHP before rendering the progress bars.
Defence-in-depth: enforcing business rules at both the application layer (PHP/session) and the database layer (UNIQUE constraints). Students learn that application logic alone is never sufficient for data integrity.
A hotel booking platform where guests search for available rooms by date range, make reservations that update availability in real-time, and managers generate occupancy reports and handle check-in/check-out tracking.
When a guest enters check-in and check-out dates, those dates are saved in the session. Every subsequent page reads them from the session rather than passing them through URLs. The availability query uses a NOT EXISTS subquery to exclude any room with an overlapping booking: any booking where check_in is before the desired check-out AND check_out is after the desired check-in.
Date-range overlap logic — one of the most commonly misunderstood SQL concepts. This project forces students to think through all four overlap cases and encode them correctly, a skill applicable to any reservation system.
A full-featured publishing platform with author accounts, categorised blog posts, a nested comment system, tag management, and an admin panel for post moderation — built without any CMS framework.
Authors log in and are taken to their personal dashboard showing only their own posts. The session holds the author_id, automatically attached to new posts on creation. Guest commenters have their name stored in the session so subsequent comments pre-fill the form. Nested comments are achieved with a self-referencing parent_id column, and the PHP rendering logic recursively builds the comment tree.
Recursive data structures in SQL, many-to-many relationships, and URL slug-based routing. The self-referencing comment table demonstrates how relational data can model tree structures.
A warehouse inventory system that tracks product stock levels via a transaction ledger, manages supplier relationships, records purchase orders, and triggers low-stock alerts when quantities fall below defined thresholds.
Rather than storing current stock as a single number that gets updated, this system uses a ledger approach: every stock movement (receiving goods, selling, adjusting) is logged as a transaction with a type (IN or OUT) and quantity. The current stock level is always computed as SUM(quantity WHERE type=IN) - SUM(quantity WHERE type=OUT). This approach preserves a complete audit trail and is the standard pattern in professional inventory systems.
The ledger pattern versus the mutable-state pattern is a pivotal architectural lesson. Students also learn to use aggregate queries to derive computed state, and to appreciate why an audit trail is often more valuable than a simple counter.
An event management system where organisers create events with tiered ticket categories, attendees purchase tickets that generate unique booking codes, and event staff can validate tickets through a check-in interface.
When an attendee selects tickets, the quantity is added to a session-based cart. The session also temporarily holds a ticket reservation (reducing available count) for a configurable timeout (e.g., 10 minutes) to prevent overbooking during checkout. On payment confirmation, permanent ticket records are inserted with PHP-generated unique booking codes, and the temporary reservation is released. Staff can search a booking code to mark it as used during entry.
Temporary reservation patterns, concurrency-safe capacity checking using SELECT ... FOR UPDATE concepts, and how to generate and validate unique codes in PHP. The tiered pricing model also teaches polymorphic pricing within a single event.
A timed examination platform where teachers create multi-type quizzes (MCQ, true/false, short answer), students take exams with a countdown timer enforced server-side, and results are auto-scored and stored for review.
When a student starts an exam, the current Unix timestamp is stored in the session (not just displayed in the browser). Every time a page loads during the exam, PHP compares the current time to the session start time. If the time limit has elapsed, the exam is forcibly submitted regardless of how many questions remain. Answers are temporarily stored in the session as the student progresses, then bulk-inserted on submission, preventing incomplete records in the database.
Server-side time enforcement (why the timer must live in PHP sessions, not just JavaScript), polymorphic data (different question types sharing one table), and the importance of inserting data atomically on submission rather than question-by-question.
A point-of-sale style restaurant system where waitstaff take orders per table through a session-based ordering flow, the kitchen sees a live queue of pending items, and managers access sales analytics and menu control.
A waiter selects their assigned table at login; the table_id is stored in the session. As they add items to the order, those items accumulate in a session-based cart scoped to that table. Submitting the order inserts it into the database and marks the table as "occupied." The kitchen dashboard auto-refreshes and displays all pending order items grouped by table. When items are marked ready, their status updates; when the bill is requested, the order total is calculated via SUM(unit_price * quantity).
Context-scoped sessions (each session represents a specific table's order), status-driven item queues, and the importance of recording prices at transaction time rather than looking them up later — a critical concept for financial accuracy.
A property listing platform where agents publish properties with images and details, buyers search and filter by type, price, and location, save favourites to a personal list, and submit inquiries that go to the responsible agent.
Search filters (price range, bedrooms, type, location) are stored in the session so a buyer can browse results and navigate back to the search page without losing their criteria. A "Compare" feature stores up to three property IDs in the session array; the comparison page fetches all three and renders them side-by-side. Saving a favourite requires login and simply inserts a record into the saved_properties table, which is unique-constrained on (user_id, property_id).
Dynamic SQL construction (building WHERE clauses based on which filters are active), the session-as-comparison-basket pattern, and how to display multiple images per record using a one-to-many relationship.
A personal finance management tool where users log income and expense transactions, set monthly budget limits per category, and receive visual feedback on spending progress with monthly summaries and exportable reports.
The active month and year are stored in the session so the entire dashboard is scoped to that period. The main summary query groups transactions by category and type (income/expense), summing amounts with MySQL's SUM and GROUP BY. The budget comparison JOINs the budgets table to compare the budgeted amount against the actual spending per category, displaying a percentage-based progress bar for each.
Multi-dimensional aggregation (group by category AND month), LEFT JOIN usage to include categories with no transactions (showing zero spending), and the concept of derived data versus stored data in financial contexts.
A lightweight Trello-style collaborative project tool where teams manage projects with boards, assign tasks to members, track progress through status columns, set priorities, and communicate through task-level comments.
Access to each project is gated by a check against the project_members table — the session user_id must exist as a member of the project before any project data is displayed. When a task is moved between status columns (To Do → In Progress → Done), a PHP endpoint updates the task's status field and simultaneously inserts a record into the activity_log table, creating an immutable history of all actions on each task.
Row-level access control using relational membership tables, immutable audit logging as a first-class concern, and how to structure role-based permissions within a shared resource model.
A public transport booking platform where passengers search routes between cities, select departure times, pick available seats from a visual seat map, and complete bookings that block those seats in the database.
The booking process spans three pages: route selection, seat selection, and passenger details. The session holds the chosen schedule_id and then the seat_id as the user progresses. The seat availability query checks the bookings table for any confirmed booking matching that seat_id and schedule_id. The seat map renders each seat's status (available, booked, selected) using a CSS class driven by the database query result.
Separating physical assets (seats belonging to buses) from transactional records (bookings belonging to schedules), multi-step session flows, and how composite unique constraints protect inventory resources at the database level.
A simplified social platform where users create profiles, post updates, send/accept friend requests, react to posts, comment, and receive a personalised feed showing only content from their network.
The news feed is generated by querying posts WHERE the author_id is IN a subquery that fetches all accepted friend IDs of the session user, combined with a UNION of the user's own posts. The friendships table uses a canonical pair convention (always storing the lower user_id as user_id_1) to avoid duplicate entries. Friend request status (pending, accepted, blocked) drives the UI shown when viewing another user's profile.
Graph-like relationships in relational databases, complex feed queries using IN with subqueries, session-cached counters to reduce database load, and the importance of indexing foreign keys in high-traffic tables.
A simulated retail banking application where users manage multiple accounts, transfer funds between them or to other users, view detailed transaction histories, and download monthly account statements.
The session stores not just the user_id but also a second flag (pin_verified = true) that is set only after the user enters their transaction PIN. This prevents any transfer from completing without this secondary check. Every transfer involves two database writes — a debit transaction for the source account and a credit transaction for the destination — which should be wrapped in a way that ensures both succeed or neither does, simulating atomicity.
Multi-step session authentication flows (password → PIN → action), the critical importance of atomic double-entry for financial transactions, and how to implement session-based inactivity timeouts — all patterns used in real banking software.
A focused appointment booking system for a clinic where patients select a doctor, view their available time slots for the coming days, book a slot, and receive a confirmation — while doctors control their availability calendar.
Doctors define their weekly working hours by inserting availability_slot records (e.g., Monday 09:00–12:00, slot_duration 30 minutes). When a patient views a doctor's booking calendar, PHP generates the list of potential slots from those templates, then queries the appointments table to mark which ones are already taken. The patient picks a free slot; the selected date and time are saved in the session before the final confirmation page.
The difference between template/availability data and actual booking records, slot-generation logic in PHP using loops and time arithmetic, and how to efficiently display a conflict-aware calendar grid using a single JOIN query.
A platform marketplace like Jumia or Etsy where multiple vendors each maintain their own product catalogue, receive orders routed to them, and the platform automatically calculates commission splits — with three-level session roles: buyer, vendor, and superadmin.
A buyer can add products from multiple vendors into one cart (session-stored). On checkout, the single order is split: each order_item knows which vendor it belongs to (via the product's vendor_id), and the commissions table records what percentage of each item's price goes to the platform versus the vendor. Vendors log in with the "vendor" session role and see only their own orders and products. The superadmin sees aggregated sales across all vendors and can trigger payouts to vendor bank accounts by updating the vendor_payouts table.
Multi-tenancy architecture (every query filtered by vendor_id), the complexity of splitting a single customer transaction into multiple vendor-specific records, preventing horizontal privilege escalation (a vendor accessing another vendor's data), and commission/financial split logic — one of the most sophisticated real-world patterns in marketplace development.