connect problem?help
Page 1 of 1 • Share
- grimofdoomMember
- Forum Posts : 106
Member Since : 2012-03-06
I followed phpacademy's guide for login/register and ended with
and
- Code:
<?php
$_username=$_post['username'];
$_password=$_psot['password'];
if ($username&&$password)
{
$connect=mysql_connect("host","nmae","possiblepassword")or die ("could not connect");
mysql_select_db("users") or die("deaad");
}
else
die("please enter a username AND password $username");
?>
and
- Code:
<html>
<form action='login.php' method='post'>
username:<input type='text' name='username'><br>
password<input type='password' name='password'><br>
<input type='submit' value='log in'>
</form>
</html>
Last edited by grimofdoom on 9/4/2012, 2:04 pm; edited 1 time in total
- LGforumModerator
- Forum Posts : 77
Member Since : 2011-11-12
Okay first off, you NEED to get rid of mysql password and username from your above post. THAT IS SERIOUS SECURITY ISSUES. People could access your database and steal all the data and sell it. Not good.
Secondly, if you use curly braces in the IF then they should be used for ELSE too.
Plus you have a spelling mistake $_psot['password']
And lastly, you should change the IF to this:
if(!empty($username) && !empty($password))
And again lastly, you should be mysql escaping all user input to prevent mysql injection.
Google it, its one of the most important things to know about when dealing with databases.
Secondly, if you use curly braces in the IF then they should be used for ELSE too.
Plus you have a spelling mistake $_psot['password']
And lastly, you should change the IF to this:
if(!empty($username) && !empty($password))
And again lastly, you should be mysql escaping all user input to prevent mysql injection.
Google it, its one of the most important things to know about when dealing with databases.
- LGforumModerator
- Forum Posts : 77
Member Since : 2011-11-12
Oh and I just spotted another thing wrong with it.
Your IF will always false, because you've named the variables $_username and $_password not $username and $password...
All in all, it seems the video you watched sucked.
I'm gonna say this now actually after realising when your post was posted. You should change mysql user and password and delete the old one, unless your data will never be safe.
Your IF will always false, because you've named the variables $_username and $_password not $username and $password...
All in all, it seems the video you watched sucked.
I'm gonna say this now actually after realising when your post was posted. You should change mysql user and password and delete the old one, unless your data will never be safe.
- grimofdoomMember
- Forum Posts : 106
Member Since : 2012-03-06
- Code:
<?php
$username=$_post['username'];
$password=$_post['password'];
if(!empty($username) && !empty($password))
{
$connect=mysql_connect("1","33","3")or die ("could not connect");
mysql_select_db("users") or die("deaad");
} else
die("please enter a username AND password $username");
?>
- LGforumModerator
- Forum Posts : 77
Member Since : 2011-11-12
- Code:
<?php
$username=$_POST['username'];
$password=$_POST['password'];
if(!empty($username) && !empty($password))
{
echo 'both password and username were entered';
}
else {
die("please enter a username AND password $username");
}
?>
I'll also iterate again, that you make sure to look into database security and preventing SQL Injection.
- grimofdoomMember
- Forum Posts : 106
Member Since : 2012-03-06
that gives me an error at the "else {" line.
- LGforumModerator
- Forum Posts : 77
Member Since : 2011-11-12
What? .. It shouldn't. What PHP version is installed on your server?
Try this:
Try this:
- Code:
<?php
$username=$_POST['username'];
$password=$_POST['password'];
if(!empty($username) && !empty($password))
{
echo 'both password and username were entered';
}
else {
echo "please enter a username AND password $username";
exit;
}
?>
- grimofdoomMember
- Forum Posts : 106
Member Since : 2012-03-06
Were do i place the mysql connect
- Vanilla990Administrator
- Forum Posts : 114
Member Since : 2011-10-30
You could place it anywhere. I could recommend that you place the mysql connect information inside another .php file in a folder and make sure you have a .htaccess file in there which has the text "Deny From All". That will stop people being able to access the information in that folder i.e. the secure data to connect to the database. All you would have to do then is include the php file in the index.php or whichever file has the login screen.
- LGforumModerator
- Forum Posts : 77
Member Since : 2011-11-12
Yeah having the connection in another file is the best way.
But if you want to place it in your current script, it has to go anywhere before your first MySQL query.
But if you want to place it in your current script, it has to go anywhere before your first MySQL query.
- grimofdoomMember
- Forum Posts : 106
Member Since : 2012-03-06
Now im getting mad....the host(000webhost)keeps not connecting to the database.i have everything right in the code but it is not attempting to connect.
- Sponsored content
Similar topics
Create an account or log in to leave a reply
You need to be a member in order to leave a reply.
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
|
|