Page 1 of 2

Using "include"

Posted: Wed Aug 17, 2011 10:21 am
by digdigdig
Hi.

What is the appropriate way to use an "include" function instead of revealing the DB Username and PW? I would like to replace the three lines after //make connection with some sort of Include that refers to a PHP connection file.

The Code now:

Code: Select all

 <?php

//make connection
mysql_connect ("localhost", "USER","PW") 
or die ('I cannot connect to the database because:  ' .mysql_error());
mysql_select_db ("Name") or die ('I cannot connect to the db because: ' .mysql_error());

//build query 
$query = mysql_query("SELECT * FROM Centers where City like '$City'")
or die ('cannot select table:' .msql_error());


echo "<table border=\"1\" width=\"930\" >";
echo "<tr><th width=\"145\">Name</th>";
echo "<th width=\"145\">Address</th>";
echo "<th width=\"20\">Phone</th>";
echo "<th width=\"300\" class=\"wraptext\" >Email</th>";
echo "<th width=\"300\" class=\"wraptext\" >Website</th></tr>";


//display results
while ($row =mysql_fetch_array($query)){
	
	
		
	echo "<tr><td>";
	echo $row['Name'];
	echo "</td><td>";
	echo $row['Address'];
	echo "</td><td>";
	echo $row['Phone'];
	echo "</td><td>";
	echo $row['Email'];
	echo "</td><td>";
	echo $row['Website'];
	echo "</td></tr>";
	}
	echo "</table>";
?>			
The connection.php:

Code: Select all

<?

DEFINE ('DB_USER', 'USER');
DEFINE ('DB_PSWD', 'PW');
DEFINE ('DB_HOST', 'localhost');
DEFINE ('DB_NAME', 'Name');

$dbcon = mysqli_connect(DB_HOST, DB_USER, DB_PSWD, DB_NAME);

?>
Many thanks...

Re: Using "include"

Posted: Wed Aug 17, 2011 10:39 am
by phphelpme
Check out my code on your other thread:

viewtopic.php?f=1&t=131143

You can assign a function and just call that function for the connections and create another page for your connections such as connect.php

Then use:

Code: Select all

include 'connect.php';
Or

Code: Select all

require_once("connect.php");
Best wishes

Re: Using "include"

Posted: Wed Aug 17, 2011 10:53 am
by twinedev
Some additional notes:

1. use the require_once over include or include_once, as this will is something required for your code, and if not found, will then stop execution (a missing include will generate a warning and continue)

2. This doesn't really hide it, as if someone has some way to see the source of your other PHP code, they will have access to see where the included file is an mostly likely be able to see it as well. But this is good so it is all in one location for multiple scripts to call so you would only need to set it in one place.

3. So that you can use it no matter what directory level you are at, it can be a good idea to get used to doing it such as:

Code: Select all

require_once($_SERVER['DOCUMENT_ROOT'].'/core/db_connection.inc.php);
(I like to place included items in their own directory, and use .inc.php to better indicate that it is meant to be included, not directly called. I used to just do .inc , but then if you move the code to a server that is not set up to handle .inc as a .php file, the code is exposed.)

-Greg

Re: Using "include"

Posted: Wed Aug 17, 2011 11:00 am
by phphelpme
Yeah, I did that once with the .inc and it really annoyed me... lol

I like your idea of $_SERVER use though. That will really help out with different directories.

Best wishes

Re: Using "include"

Posted: Wed Aug 17, 2011 11:38 am
by digdigdig
so...

Do i have this correct??

Code: Select all

 <?php

//make connection
require_once("Form/connect.php");

//build query 
$query = mysql_query("SELECT * FROM Centers where City like '$City'")
or die ('cannot select table:' .msql_error());


echo "<table border=\"1\" width=\"930\" >";
echo "<tr><th width=\"145\">Name</th>";
echo "<th width=\"145\">Address</th>";
echo "<th width=\"20\">Phone</th>";
echo "<th width=\"300\" class=\"wraptext\" >Email</th>";
echo "<th width=\"300\" class=\"wraptext\" >Website</th></tr>";


//display results
while ($row =mysql_fetch_array($query)){
		
	echo "<tr><td>";
	echo $row['Name'];
	echo "</td><td>";
	echo $row['Address'];
	echo "</td><td>";
	echo $row['Phone'];
	echo "</td><td>";
	echo $row['Email'];
	echo "</td><td>";
	echo $row['Website'];
	echo "</td></tr>";
	}
	echo "</table>";
?>			
Where this is connect.php

Code: Select all

<?

DEFINE ('DB_USER', 'sfayc_linda');
DEFINE ('DB_PSWD', 'dixie001');
DEFINE ('DB_HOST', 'localhost');
DEFINE ('DB_NAME', 'sfayc_Centers');

$dbcon = mysqli_connect(DB_HOST, DB_USER, DB_PSWD, DB_NAME);

?>
Also, the above connect.php is in another directory "Form". Is there a way to protect this login information from prying eyes?

Again, Thanks.

Re: Using "include"

Posted: Wed Aug 17, 2011 11:49 am
by phphelpme
Well its server side coding anyway but if you mean stop them viewing a list of files within your directory then you could just simply put a blank index.php file in there to stop the list showing or change your htaccess file to not display directory lists.

The option you are using is used as the industry standard anyway. I would not worry too much about what you are using and if you are using sensitive data then always use HTTPS.

Best wishes

Re: Using "include"

Posted: Wed Aug 17, 2011 11:58 am
by digdigdig
Using the noted code I get the following result:
Warning: mysql_query() [function.mysql-query]: Access denied for user 'sfayc'@'localhost' (using password: NO) in /home/sfayc/public_html/centers.php on line 69

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/sfayc/public_html/centers.php on line 69

Fatal error: Call to undefined function msql_error() in /home/sfayc/public_html/centers.php on line 70
Here are the lines in question:

Code: Select all

//build query 
$query = mysql_query("SELECT * FROM Centers where City like '$City'")
or die ('cannot select table:' .msql_error());

Thanks!

Re: Using "include"

Posted: Wed Aug 17, 2011 12:03 pm
by phphelpme
Try using this script for your connect.php file:

Code: Select all

<?php
$host           =       '*****************';
$dbuser         =       '*************';
$dbpass         =       '****************';
$dbdatabase     =       '***********';

//This is used to connect to the MySQL Database
function database_connect()
        {
        global $host, $dbuser, $dbpass, $dbdatabase;
        mysql_connect($host,$dbuser,$dbpass) OR DIE ("Unable to connect to database");
        mysql_select_db($dbdatabase) OR DIE ("Unable To select database $dbdatabase within $host");
};

function database_close()
        {
        mysql_close();
};
Then just include the file and calll your function:

Code: Select all

require_once("Form/connect.php");

// Call the function to connect to database
database_connect();

// DO YOUR THING

// Close your database connection
database_close();
You will have created two functions using the above code. One to access the database connection and another to close it. It then only requires simple code to connect to your database on multiple pages.

It could be an issue with your database user access password assignment in mysql but try that code for now.

Best wishes

Re: Using "include"

Posted: Wed Aug 17, 2011 12:20 pm
by digdigdig
Great. just one silly question!!

Does this go just before the "?>"
// Close your database connection
function database_close()

Re: Using "include"

Posted: Wed Aug 17, 2011 12:26 pm
by phphelpme
You close the database connection when you no longer need to use the database on that file etc or when the file has finished executing the database connection should close automatically anyway.

So to answer your question you put it after your php code syntax when you have finished grabbing info from the database. This location can change depending on each page you code.

You could leave the connection open until the end of the page like you said but I find it safe and use less system resources by closing the connection when I no longer need to connect and extract data from the database tables.

It was not a silly question and I am glad you asked really.

Best wishes

Re: Using "include"

Posted: Wed Aug 17, 2011 12:31 pm
by digdigdig
I put it at the end and got this error:
Parse error: syntax error, unexpected ';', expecting '{' in /home/sfayc/public_html/centers.php on line 106
Line 106 is the ?>

Thoughts?

Re: Using "include"

Posted: Wed Aug 17, 2011 12:34 pm
by phphelpme
Put it just after your mysql query to close your database.

Code: Select all

$result = mysql_query("SELECT * FROM Centers where City like '$City'")
or die ('cannot select table:' .msql_error());

function database_close()
Best wishes

Re: Using "include"

Posted: Wed Aug 17, 2011 12:38 pm
by phphelpme
This is my code for you to look at:

Code: Select all

database_connect();

//build query 
$result = mysql_query("SELECT * FROM Centers where City like '$City'")
or die ('cannot select table:' .msql_error());




echo "<table border=\"1\" width=\"620\" >";
echo "<tr><th width=\"50\">Name</th>";
echo "<th width=\"50\">Address</th>";
echo "<th>Phone</th>";
echo "<th width=\"50\" class=\"wraptext\" >Email</th>";
echo "<th width=\"50\" class=\"wraptext\" >Website</th></tr>";


//display results
while ($row =mysql_fetch_array($result)){
        
        
                
        echo "<tr><td>";
        echo $row['Name'];
        echo "</td><td>";
        echo $row['Address'];
        echo "</td><td>";
        echo $row['Phone'];
        echo "</td><td>";
        echo $row['Email'];
        echo "</td><td>";
        echo $row['Website'];
        echo "</td></tr>";
        }
        echo "</table>";
database_close();

Re: Using "include"

Posted: Wed Aug 17, 2011 12:45 pm
by digdigdig
The close after the query did the trick!

Thanks for your patience....you have been very generous with you time.

:D

Re: Using "include"

Posted: Wed Aug 17, 2011 12:47 pm
by phphelpme
I just noticed on your code you were missing the ; at the end of the close function.

That was what was causing the error. Because if you move it to the end now it should work as long as you have the ; at the end.

Best wishes