Page 1 of 1
help a newbie please
Posted: Wed Jul 24, 2002 1:03 pm
by lexx
Hi! I am new to mysql and my question is probably already answered somewhere but I cant find it.
So I want to create a databse....
I create a table and stuff that follows....
How do you set a password to database? and how do you connect to the database using php, I mean how do you make it that no one can see the password?
Posted: Wed Jul 24, 2002 7:06 pm
by enygma
that's not the way MySQL works....
with MySQL, the restrictions are in the "mysql" database tables, and that controls who has access to do what on each database.
create database <databasename>
will make a database, but there's not a way to "hide" the username/password in the PHP script...you have to put it in there in the mysql_connect
Posted: Wed Jul 24, 2002 8:41 pm
by lexx
so is this right?
Code: Select all
<?
//database variables
$username="admin"; // main username
$password="admin"; // main password
$database="membData";
// get user input
$name=$_POSTї'name'];
$pass=$_POSTї'password'];
//access database
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query="SELECT * FROM members";
$result=mysql_query($query);
$num=mysql_numrows($result);
mysql_close();
echo "<b><center>Database Output</center></b><br><br>";
$i=0;
while ($i < $num) {
$data_name=mysql_result($result,$i,"user");
$data_pass=mysql_result($result,$i,"password");
if(($name==$data_name) && ($pass==$data_pass))
{
echo "WELCOME<br>";
echo "<b>$name</b><br>";
}
else
{
echo "access denide<br>";
}
++$i;
}
?>
Posted: Thu Jul 25, 2002 3:05 am
by twigletmac
Try this:
Code: Select all
<?php
//database variables
$db_user = 'admin'; // main username
$db_pass = 'admin'; // main password
$database = 'membData';
// get user input
$name=$_POSTї'name'];
$pass=$_POSTї'password'];
//access database
@$db_conn = mysql_connect('localhost', $db_user, $db_pass) or die(mysql_error());
@mysql_select_db($database) or die('Unable to select database'.mysql_error());
// Do the testing in the SQL - don't need all the results to check a password, user combination
$query = "SELECT user, password FROM members WHERE user='$name' AND password='$pass'";
$result = mysql_query($query) or die(mysql_error().'<p>'.$query.'</p>');
echo '<p align="center"><b>Database Output</b></p>';
// Checking to see if there is a result
if (mysql_num_rows($result) == 1) {
echo '<p>WELCOME <b>'.$user.'</b></p>';
} else {
echo '<p>access denied</p>';
}
?>
Mac
Posted: Thu Jul 25, 2002 10:46 am
by lexx
Code: Select all
$db_user = 'admin'; // main username
$db_pass = 'admin'; // main password
how do you protect that?
Posted: Thu Jul 25, 2002 10:56 am
by llimllib
First off, nobody should be able to see any of your PHP code. If they do, your web server is either compromised or misconfigured. If you still want greater security, try putting those passwords in a file that is not on the web server's path, and then including it.
In other words, if your web document root is /www, you could put the file in /home/user/password.php. To include that file, just use
Code: Select all
include_once '/home/user/password.php';
Posted: Fri Jul 26, 2002 3:35 pm
by lexx
I have hosted server that has everything (mysql and other stuff)
Where do I put my database?