Page 1 of 1
Authenticating to MySql?
Posted: Wed Feb 22, 2006 7:46 pm
by steves
mysql username = name
mysql password = password
This php code does work:
Code: Select all
// get the id from the URL request
$employee = $_GET['employee'];
// connect to the server
mysql_connect( 'localhost', 'name', 'password' )
This doesn't:
Code: Select all
// get the id from the URL request
$employee = $_GET['employee'];
$password = $_GET['password'];
// connect to the server
mysql_connect( 'localhost', 'name', '$password' )
I also tried without the single quotes.
Anyone know why this doesn't work?
Thanks.
Posted: Wed Feb 22, 2006 8:07 pm
by josh
You need no quotes at all, or double quotes. Single quotes will not expand the variable.
Also try this:
right before the attempt to connect to mysql, do you get what you expect?
Posted: Wed Feb 22, 2006 8:19 pm
by steves
Thanks. Double quotes worked. Then tried the vardump, and I just got NULL printed out above the rest of the output.
Posted: Wed Feb 22, 2006 8:22 pm
by steves
By the way, is there a simple way to pass this password from one php page to the next securely?
Posted: Wed Feb 22, 2006 8:28 pm
by feyd
Sessions, if at all. But not in plain text or any simple encryption.
Posted: Wed Feb 22, 2006 10:19 pm
by pennythetuff
As feyd said, you can pass data from page to page using the $_SESSION superglobal variable, but you don't want to pass any kind of sensitive information without properly securing it. I'm not any type of authority on securing things, but I think feyd is. I'm not sure if a hash would be an option or not. Here's an example of using $_SESSION's.
page_1.php
Code: Select all
//A session has to be created before any $_SESSION variable will work.
//This needs to be at the top of all pages using session variables.
session_start();
$_SESSION['test'] = "This is a session variable";
page_2.php
Code: Select all
session_start();
echo $_SESSION['test'];
Obviously page_2.php should print "This is a session variable" which was assaigned to $_SESSION['test'] in page_1.php.
As for the database connection problem it's best if you don't put any kind of quotes around the $password variable. Double quotes will work but it might confuse you later on. PHP takes single quotes literally. So if you pass '$password' it will literally pass the values $password and not the contents of the variable. Double quotes on the other hand won't do this.
Posted: Wed Feb 22, 2006 10:43 pm
by feyd
Steves, I hope you know what you're doing with using external data as authentication to get connected with MySQL. This is a fairly sticky subject if you're not writing a database management tool or similar thing.
Posted: Wed Feb 22, 2006 11:00 pm
by Christopher
steves wrote:Code: Select all
// get the id from the URL request
$employee = $_GET['employee'];
$password = $_GET['password'];
// connect to the server
mysql_connect( 'localhost', 'name', '$password' )
If we find out you are doing something like this we will have to hunt you down!
steves wrote:By the way, is there a simple way to pass this password from one php page to the next securely?
You really should not get database passwords from the request. How about:
Code: Select all
// config.php
$username = 'myuser';
$password = 'mypass';
Code: Select all
include 'config.php';
mysql_connect( 'localhost', $username, $password);
Posted: Wed Feb 22, 2006 11:10 pm
by steves
Thanks, everyone, for your tips and your concern. Feyd, I do not know what I'm doing, but I'm learning. In the mean time, the server doesn't have a public IP, and I won't open it up to the internet until I'm comfortable that I do know what I'm doing. In fact, for the moment, the database isn't even on a server at all - it's on a Mac OS X client box.
I'm reading up, and asking the occasional question on this excellent forum. And I truly appreciate all the help I've been getting today!
Thanks,
Steve