Devon & Cornwall Linux Users' Group


Re: [LUG] PHP Scripts Continued



On Thursday 28 Aug 2003 7:25 am, Richard Brown wrote:
> Thanks Neil
>
> As soon as I renamed it php instead of php3 it worked!

Good.

> <?php
> $db=mysql_connect("localhost","root");

As Adrian says, always a bad idea to do anything as root. See the write up on 
the Plymouth University MySQL presentation I made - there's a command there 
to grant permissions to an ordinary user:
http://www.dclug.org.uk/linux_uk/mysql2.html
mysql> GRANT Select, Insert, Update, Delete, Index, Alter, Create, 
 ->Drop ON dummy.* TO dummy@xxxxxxxxx IDENTIFIED BY 'some_pass';

replace dummy and some_pass.

> mysql_select_db("allusers",$db);
> $result=mysql_query("SELECT*FROM names",$db);

Problem 1:
SELECT * from names;

$sql = "select * from names;";

Use spaces. Note the ending semi-colon - it needs to be INSIDE the string as 
well as ending the PHP command.

It's usually better to make a $sql variable and create the string there - then 
you can output the sql statement in case of errors (up until the time you 
make the script live when such debugging reports are a liability!)

Also, use a die statement here to get confirmation that the SQL is actually 
correct syntax:
	$connection = @mysql_connect("localhost","username","password")
		or die ("Could not connect!");
	$db = @mysql_select_db($dbname, $connection)
		or die("Could not select a valid database.");
	$result = mysql_query($sql,$connection)
		or die ("Could not execute count query.$sql");

Just remove the $sql output from the last die command once you've got the SQL 
statement working.

> printf("firstname:%<br>\n",mysql_results($result,0,"firstname"));
> printf("lastname:%<br>\n",mysql_results($result,0,"lastname"));
> printf("streetaddr:%<br>\n",mysql_results($result,0,"streetaddr"));
> printf("distaddr:%<br>\n",mysql_results($result,0,"distaddr"));
> printf("city:%<br>\n",mysql_results($result,0,"city"));
> printf("county:%<br>\n",mysql_results($result,0,"county"));
> printf("postcode:%<br>\n",mysql_results($result,0,"postcode"));
> printf("country:%<br>\n",mysql_results($result,0,"country"));

Awkward. Use a while loop to retrieve the results, it's faster and easier to 
debug.

	while ($row = mysql_fetch_array($result)) {
		$variable=$row['fieldname'];
	}


> Can anybody help and is there a way of storing the password value so
> that it is available to users without giving it out?

PHP never gives out the password. Anyone wanting to read the PHP source code 
on a correctly configured Apache server MUST crack the server itself. You can 
and must put the MySQL user password into each and every PHP (and Perl) 
script that needs database connectivity.


Here's the corrected script:
<html><body>
<?php
	$connection = @mysql_connect("localhost","username","password")
		or die ("Could not connect!");
	$db = @mysql_select_db("allusers", $connection)
		or die("Could not select a valid database.");
	$sql = "select * from names;";
	$result = mysql_query($sql,$connection)
		or die ("Could not execute count query.$sql");
	while ($row = mysql_fetch_array($result)) {
		print $row['firstname'];
		print $row['lastname'];
		print $row['streetaddr'];
		print $row['city'];
		print $row['county'];
		print $row['postcode'];
		print $row['country'];
	}

?>
</body></html>

See also:
http://www.codehelp.co.uk/php/mysql1.php
A 4 page tutorial on PHP and MySQL.

http://www.codehelp.co.uk/php/first.php
An 8 page tutorial on PHP.

-- 

Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk

http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

Attachment: pgp00060.pgp
Description: signature
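
Added example, not part of the original post: the corrected script's flow rewritten with PDO (the mysql_* functions used above were removed in PHP 7.0), keeping the `$sql` debugging output out of the live page, reading the credentials from a file outside the web root, and escaping the rows before printing them. The config path, the `webuser` account and the `DEBUG` switch are assumptions for illustration.

```php
<?php
// Assumptions (not from the thread): /etc/myapp/db.php sits outside the web root and
// returns ['dsn' => 'mysql:host=localhost;dbname=allusers', 'user' => 'webuser',
// 'pass' => '...'] for a non-root account that holds only SELECT on allusers.names.
const CONFIG_FILE = '/etc/myapp/db.php';   // hypothetical path
const DEBUG = false;                       // true only while developing

function fail(string $public, Throwable $ex, string $sql = ''): void
{
    // Full detail goes to the server log; the visitor sees it only in DEBUG mode.
    error_log("$public " . $ex->getMessage() . ($sql !== '' ? " [SQL: $sql]" : ''));
    http_response_code(500);
    $detail = DEBUG ? ' ' . $ex->getMessage() . ' ' . $sql : '';
    exit(htmlspecialchars($public . $detail, ENT_QUOTES, 'UTF-8'));
}

function e($value): string
{
    // Escape database content before it reaches the HTML page (NULL becomes '').
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

$cfg = require CONFIG_FILE;
try {
    $pdo = new PDO($cfg['dsn'], $cfg['user'], $cfg['pass'], [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
} catch (PDOException $ex) {
    fail('Could not connect!', $ex);
}

$sql = 'SELECT firstname, lastname, streetaddr, city, county, postcode, country FROM names';
try {
    $rows = $pdo->query($sql)->fetchAll();
} catch (PDOException $ex) {
    fail('Could not execute query.', $ex, $sql);
}

echo "<html><body>\n";
foreach ($rows as $row) {
    foreach ($row as $field => $value) {
        printf("%s: %s<br>\n", e($field), e($value));
    }
    echo "<hr>\n";
}
echo "</body></html>\n";
```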

