Authenticating to MySql?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
steves
Forum Newbie
Posts: 22
Joined: Wed Feb 22, 2006 9:04 am

Authenticating to MySql?

Post by steves »

mysql username = name
mysql password = password

This php code does work:

Code: Select all

// get the id from the URL request
		$employee = $_GET['employee'];

		// connect to the server
		mysql_connect( 'localhost', 'name', 'password' )
This doesn't:

Code: Select all

// get the id from the URL request
		$employee = $_GET['employee'];
		$password = $_GET['password'];

		// connect to the server
		mysql_connect( 'localhost', 'name', '$password' )
I also tried without the single quotes.

Anyone know why this doesn't work?

Thanks.
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Post by josh »

You need no quotes at all, or double quotes. Single quotes will not expand the variable.

Also try this:

Code: Select all

var_dump($password);
right before the attempt to connect to mysql, do you get what you expect?
steves
Forum Newbie
Posts: 22
Joined: Wed Feb 22, 2006 9:04 am

Post by steves »

Thanks. Double quotes worked. Then tried the vardump, and I just got NULL printed out above the rest of the output.
steves
Forum Newbie
Posts: 22
Joined: Wed Feb 22, 2006 9:04 am

Post by steves »

By the way, is there a simple way to pass this password from one php page to the next securely?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Sessions, if at all. But not in plain text or any simple encryption.
pennythetuff
Forum Newbie
Posts: 22
Joined: Sun Feb 19, 2006 6:05 pm
Location: Kokomo, Indiana

Post by pennythetuff »

As feyd said, you can pass data from page to page using the $_SESSION superglobal variable, but you don't want to pass any kind of sensitive information without properly securing it. I'm not any type of authority on securing things, but I think feyd is. I'm not sure if a hash would be an option or not. Here's an example of using $_SESSION's.

page_1.php

Code: Select all

//A session has to be created before any $_SESSION variable will work.
//This needs to be at the top of all pages using session variables.
session_start();

$_SESSION['test'] = "This is a session variable";
page_2.php

Code: Select all

session_start();

echo $_SESSION['test'];
Obviously page_2.php should print "This is a session variable" which was assaigned to $_SESSION['test'] in page_1.php.

As for the database connection problem it's best if you don't put any kind of quotes around the $password variable. Double quotes will work but it might confuse you later on. PHP takes single quotes literally. So if you pass '$password' it will literally pass the values $password and not the contents of the variable. Double quotes on the other hand won't do this.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Steves, I hope you know what you're doing with using external data as authentication to get connected with MySQL. This is a fairly sticky subject if you're not writing a database management tool or similar thing.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

steves wrote:

Code: Select all

// get the id from the URL request
        $employee = $_GET['employee'];
        $password = $_GET['password'];

        // connect to the server
        mysql_connect( 'localhost', 'name', '$password' )
If we find out you are doing something like this we will have to hunt you down! :D
steves wrote:By the way, is there a simple way to pass this password from one php page to the next securely?

You really should not get database passwords from the request. How about:

Code: Select all

// config.php
        $username = 'myuser';
        $password = 'mypass';

Code: Select all

include 'config.php';
mysql_connect( 'localhost', $username, $password);
(#10850)
steves
Forum Newbie
Posts: 22
Joined: Wed Feb 22, 2006 9:04 am

Post by steves »

Thanks, everyone, for your tips and your concern. Feyd, I do not know what I'm doing, but I'm learning. In the mean time, the server doesn't have a public IP, and I won't open it up to the internet until I'm comfortable that I do know what I'm doing. In fact, for the moment, the database isn't even on a server at all - it's on a Mac OS X client box.

I'm reading up, and asking the occasional question on this excellent forum. And I truly appreciate all the help I've been getting today!

Thanks,

Steve
Post Reply