help a newbie please

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
lexx
Forum Newbie
Posts: 21
Joined: Sat Jun 08, 2002 10:30 pm

help a newbie please

Post by lexx »

Hi! I am new to mysql and my question is probably already answered somewhere but I cant find it.
So I want to create a databse....
I create a table and stuff that follows....
How do you set a password to database? and how do you connect to the database using php, I mean how do you make it that no one can see the password?
User avatar
enygma
Site Admin
Posts: 175
Joined: Fri Apr 19, 2002 8:29 am
Location: Dallas, Tx

Post by enygma »

that's not the way MySQL works....
with MySQL, the restrictions are in the "mysql" database tables, and that controls who has access to do what on each database.

create database <databasename>

will make a database, but there's not a way to "hide" the username/password in the PHP script...you have to put it in there in the mysql_connect
lexx
Forum Newbie
Posts: 21
Joined: Sat Jun 08, 2002 10:30 pm

Post by lexx »

so is this right?

Code: Select all

<?
//database variables
$username="admin"; // main username
$password="admin"; // main password
$database="membData";

// get user input
$name=$_POST&#1111;'name'];
$pass=$_POST&#1111;'password'];

//access database
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query="SELECT * FROM members";
$result=mysql_query($query);

$num=mysql_numrows($result); 

mysql_close();
echo "<b><center>Database Output</center></b><br><br>";

$i=0;
while ($i < $num) &#123;

$data_name=mysql_result($result,$i,"user");
$data_pass=mysql_result($result,$i,"password");

if(($name==$data_name) && ($pass==$data_pass))
&#123;
echo "WELCOME<br>";
echo "<b>$name</b><br>";
&#125;
else
&#123;
echo "access denide<br>";
&#125;

++$i;
&#125; 

?>
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

Try this:

Code: Select all

<?php
//database variables 
$db_user = 'admin'; // main username 
$db_pass = 'admin'; // main password 
$database = 'membData'; 

// get user input 
$name=$_POST&#1111;'name']; 
$pass=$_POST&#1111;'password']; 

//access database 
@$db_conn = mysql_connect('localhost', $db_user, $db_pass) or die(mysql_error()); 
@mysql_select_db($database) or die('Unable to select database'.mysql_error());

// Do the testing in the SQL - don't need all the results to check a password, user combination
$query = "SELECT user, password FROM members WHERE user='$name' AND password='$pass'"; 
$result = mysql_query($query) or die(mysql_error().'<p>'.$query.'</p>');

echo '<p align="center"><b>Database Output</b></p>'; 
// Checking to see if there is a result
if (mysql_num_rows($result) == 1) &#123;
	echo '<p>WELCOME <b>'.$user.'</b></p>';
&#125; else &#123;
	echo '<p>access denied</p>';
&#125;
?>
Mac
lexx
Forum Newbie
Posts: 21
Joined: Sat Jun 08, 2002 10:30 pm

Post by lexx »

Code: Select all

$db_user = 'admin'; // main username 
$db_pass = 'admin'; // main password
how do you protect that?
User avatar
llimllib
Moderator
Posts: 466
Joined: Mon Jul 01, 2002 2:19 pm
Location: Baltimore, MD

Post by llimllib »

First off, nobody should be able to see any of your PHP code. If they do, your web server is either compromised or misconfigured. If you still want greater security, try putting those passwords in a file that is not on the web server's path, and then including it.
In other words, if your web document root is /www, you could put the file in /home/user/password.php. To include that file, just use

Code: Select all

include_once '/home/user/password.php';
lexx
Forum Newbie
Posts: 21
Joined: Sat Jun 08, 2002 10:30 pm

Post by lexx »

I have hosted server that has everything (mysql and other stuff)
Where do I put my database?
Post Reply