I'm working on learning this PHP thing so if someone could just answer these few questions that i got.
First off... i'm using Dreamweaver MX for windows to create my webpages/webapplications. In it, you can easily create PHP pages that interact witht the MySQL database. With that in mind...
1.) When this happens though, php scripts that interact with the database have some sort of a "connection" tag that points to a different php file. The php file it points to contains info for connecting to the database, including the username and password in plain text. How can i prevent someone from downloading that file and then gaining access to my database?
And my last 2 questions (for now)...
Dreamweaver MX has great tutorials, but just when i got to the dynamic forms part, it said something like "Unfortunately this part of the tutorial has no info for PHP or asp.NET". Ok so i'll have to figure this out on my own, with some advice...
2.) I want to create a login/password page. You enter the username/password and when you click send, it forwards you to a page something like "form_process.php", and after "form_process.php" searches the database for the username and passwords, it sends you to a login successful page. So i guess that this would require 3 pages... this is possible right?
3.) I hear you can do just about anything with PHP, so i'll assume you can do what i asked in the previous question... but how do you pass variables and other info to other pages? Is it through cookies?
Now i'm not really asking for actual scripts here, but any advice is much appreciated!
Thanks for any info!
I need a little info/advice
Moderator: General Moderators
1) write it yourself, don't rely on a tool to do the work for you until you know how to do that work yourself.
2) a login page can all be on one page if done correctly. just have the page resubmit to itself
3) there's lots of ways to get information to other pages, including using the GET string (foo.php?id=1&foo=2), POSTing information (like with a form), using cookies as you mentioned, and, my personal favorite, sessions - that allow you to create a session that can store all sorts of information in it, like variables and values for them, and carry them across pages, as long as the session is active.
2) a login page can all be on one page if done correctly. just have the page resubmit to itself
3) there's lots of ways to get information to other pages, including using the GET string (foo.php?id=1&foo=2), POSTing information (like with a form), using cookies as you mentioned, and, my personal favorite, sessions - that allow you to create a session that can store all sorts of information in it, like variables and values for them, and carry them across pages, as long as the session is active.
i need a little info/advice
Allright, but wouldn't the login page need some sort of tag to connect to the database? I've seen tags like that, that connect to a database, but the login name and password for the database are displayed. Couldn't someone just "view source" and see the login info for the database (serious security issue). Or is there a different way?a login page can all be on one page if done correctly. just have the page resubmit to itself
I've kinda heard about sessions, and they seem very useful, i'll look into those.and, my personal favorite, sessions - that allow you to create a session that can store all sorts of information in it, like variables and values for them, and carry them across pages, as long as the session is active.
Thanks for the info! I appreciate it!
If it's in ".php" they can't see the password...ncluding the username and password in plain text. How can i prevent someone from downloading that file and then gaining access to my database?
If you want a login system make it yourself, try http://www.phpbuilder.com
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
If your webserver is setup to parse .php files as PHP files and the file with your database connection information in it has a .php extension then it's unlikely (only possible if you've done something silly like echo out the variables) that the information in the functions (not tags) will be accessible by viewing source. If they download the file they'll still only see what the browser would see unless they've gained access to your ftp username and password.
Mac
Mac
Thanks for the info
Ok cool. Thanks for the info, it's really helped me in my understanding of PHP.
Thanks for all the replies!
Thanks for all the replies!