Page 1 of 1

Authenticating to MySql?

Posted: Wed Feb 22, 2006 7:46 pm
by steves
mysql username = name
mysql password = password

This php code does work:

Code: Select all

// get the id from the URL request
		$employee = $_GET['employee'];

		// connect to the server
		mysql_connect( 'localhost', 'name', 'password' )
This doesn't:

Code: Select all

// get the id from the URL request
		$employee = $_GET['employee'];
		$password = $_GET['password'];

		// connect to the server
		mysql_connect( 'localhost', 'name', '$password' )
I also tried without the single quotes.

Anyone know why this doesn't work?

Thanks.

Posted: Wed Feb 22, 2006 8:07 pm
by josh
You need no quotes at all, or double quotes. Single quotes will not expand the variable.

Also try this:

Code: Select all

var_dump($password);
right before the attempt to connect to mysql, do you get what you expect?

Posted: Wed Feb 22, 2006 8:19 pm
by steves
Thanks. Double quotes worked. Then tried the vardump, and I just got NULL printed out above the rest of the output.

Posted: Wed Feb 22, 2006 8:22 pm
by steves
By the way, is there a simple way to pass this password from one php page to the next securely?

Posted: Wed Feb 22, 2006 8:28 pm
by feyd
Sessions, if at all. But not in plain text or any simple encryption.

Posted: Wed Feb 22, 2006 10:19 pm
by pennythetuff
As feyd said, you can pass data from page to page using the $_SESSION superglobal variable, but you don't want to pass any kind of sensitive information without properly securing it. I'm not any type of authority on securing things, but I think feyd is. I'm not sure if a hash would be an option or not. Here's an example of using $_SESSION's.

page_1.php

Code: Select all

//A session has to be created before any $_SESSION variable will work.
//This needs to be at the top of all pages using session variables.
session_start();

$_SESSION['test'] = "This is a session variable";
page_2.php

Code: Select all

session_start();

echo $_SESSION['test'];
Obviously page_2.php should print "This is a session variable" which was assaigned to $_SESSION['test'] in page_1.php.

As for the database connection problem it's best if you don't put any kind of quotes around the $password variable. Double quotes will work but it might confuse you later on. PHP takes single quotes literally. So if you pass '$password' it will literally pass the values $password and not the contents of the variable. Double quotes on the other hand won't do this.

Posted: Wed Feb 22, 2006 10:43 pm
by feyd
Steves, I hope you know what you're doing with using external data as authentication to get connected with MySQL. This is a fairly sticky subject if you're not writing a database management tool or similar thing.

Posted: Wed Feb 22, 2006 11:00 pm
by Christopher
steves wrote:

Code: Select all

// get the id from the URL request
        $employee = $_GET['employee'];
        $password = $_GET['password'];

        // connect to the server
        mysql_connect( 'localhost', 'name', '$password' )
If we find out you are doing something like this we will have to hunt you down! :D
steves wrote:By the way, is there a simple way to pass this password from one php page to the next securely?

You really should not get database passwords from the request. How about:

Code: Select all

// config.php
        $username = 'myuser';
        $password = 'mypass';

Code: Select all

include 'config.php';
mysql_connect( 'localhost', $username, $password);

Posted: Wed Feb 22, 2006 11:10 pm
by steves
Thanks, everyone, for your tips and your concern. Feyd, I do not know what I'm doing, but I'm learning. In the mean time, the server doesn't have a public IP, and I won't open it up to the internet until I'm comfortable that I do know what I'm doing. In fact, for the moment, the database isn't even on a server at all - it's on a Mac OS X client box.

I'm reading up, and asking the occasional question on this excellent forum. And I truly appreciate all the help I've been getting today!

Thanks,

Steve