Hi! I am new to mysql and my question is probably already answered somewhere but I cant find it.
So I want to create a databse....
I create a table and stuff that follows....
How do you set a password to database? and how do you connect to the database using php, I mean how do you make it that no one can see the password?
help a newbie please
Moderator: General Moderators
that's not the way MySQL works....
with MySQL, the restrictions are in the "mysql" database tables, and that controls who has access to do what on each database.
create database <databasename>
will make a database, but there's not a way to "hide" the username/password in the PHP script...you have to put it in there in the mysql_connect
with MySQL, the restrictions are in the "mysql" database tables, and that controls who has access to do what on each database.
create database <databasename>
will make a database, but there's not a way to "hide" the username/password in the PHP script...you have to put it in there in the mysql_connect
so is this right?
Code: Select all
<?
//database variables
$username="admin"; // main username
$password="admin"; // main password
$database="membData";
// get user input
$name=$_POSTї'name'];
$pass=$_POSTї'password'];
//access database
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query="SELECT * FROM members";
$result=mysql_query($query);
$num=mysql_numrows($result);
mysql_close();
echo "<b><center>Database Output</center></b><br><br>";
$i=0;
while ($i < $num) {
$data_name=mysql_result($result,$i,"user");
$data_pass=mysql_result($result,$i,"password");
if(($name==$data_name) && ($pass==$data_pass))
{
echo "WELCOME<br>";
echo "<b>$name</b><br>";
}
else
{
echo "access denide<br>";
}
++$i;
}
?>- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
Try this:
Mac
Code: Select all
<?php
//database variables
$db_user = 'admin'; // main username
$db_pass = 'admin'; // main password
$database = 'membData';
// get user input
$name=$_POSTї'name'];
$pass=$_POSTї'password'];
//access database
@$db_conn = mysql_connect('localhost', $db_user, $db_pass) or die(mysql_error());
@mysql_select_db($database) or die('Unable to select database'.mysql_error());
// Do the testing in the SQL - don't need all the results to check a password, user combination
$query = "SELECT user, password FROM members WHERE user='$name' AND password='$pass'";
$result = mysql_query($query) or die(mysql_error().'<p>'.$query.'</p>');
echo '<p align="center"><b>Database Output</b></p>';
// Checking to see if there is a result
if (mysql_num_rows($result) == 1) {
echo '<p>WELCOME <b>'.$user.'</b></p>';
} else {
echo '<p>access denied</p>';
}
?>how do you protect that?Code: Select all
$db_user = 'admin'; // main username $db_pass = 'admin'; // main password
First off, nobody should be able to see any of your PHP code. If they do, your web server is either compromised or misconfigured. If you still want greater security, try putting those passwords in a file that is not on the web server's path, and then including it.
In other words, if your web document root is /www, you could put the file in /home/user/password.php. To include that file, just use
In other words, if your web document root is /www, you could put the file in /home/user/password.php. To include that file, just use
Code: Select all
include_once '/home/user/password.php';