homepage Welcome to WebmasterWorld Guest from 54.204.182.118
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / New To Web Development
Forum Library, Charter, Moderators: brotherhood of lan & mack

New To Web Development Forum

    
Server-Sided PHP Websites
The title explains it.
Club559



 
Msg#: 4054737 posted 8:29 pm on Jan 5, 2010 (gmt 0)

How do I make a server-sided PHP website?
$_POST['var'] isnt working :(

 

rocknbil

WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4054737 posted 10:35 pm on Jan 5, 2010 (gmt 0)

Welcome aboard Club559, here's a good start [w3schools.com]. Once you get through the tutorials there, be sure to return here and review topics on security and best programming practices.

Club559



 
Msg#: 4054737 posted 11:41 pm on Jan 5, 2010 (gmt 0)

I know. I took that, and it said:

"$_POST will be visible to every person that connects"

StoutFiles

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4054737 posted 2:39 am on Jan 6, 2010 (gmt 0)

How about you show some code of the page where you post the variable in a form and the page where you retrieve the post variable?

Club559



 
Msg#: 4054737 posted 2:50 am on Jan 6, 2010 (gmt 0)

Wait, just finished a MySQL connection for it. Now there's another problem. I get "access denied" when I connect to my website.
Here's my code:

<?php
$con = mysql_connect("localhost:3306");
if(!$con)
{
die('Failed to conect: ' . mysql_error());
}

if(!mysql_query("CREATE DATABASE testDB",$con))
{
echo('Failed to create database: ' . mysql_error());
}

mysql_select_db("testDB",$con);
$sql = "CREATE TABLE Messages ( msgID int NOT NULL AUTO_INCREMENT, PRIMARY KEY(msgID), Message tinytext, User tinytext, )";
mysql_query($sql,$con);

$sqlTwo = "INSERT INTO Messages (Message, User) VALUES ('$_POST[msg]','$_POST[user]')";
if(!mysql_query($sqlTwo,$con))
{
die('Error: ' . mysql_error());
}

$result = mysql_query("SELECT * FROM Messages");

while($row = mysql_fetch_array($result))
{
echo $row['User'] . ": " . $row['msg'];
echo "<br />";
}
?>

Club559



 
Msg#: 4054737 posted 2:52 am on Jan 6, 2010 (gmt 0)

Also, if you need it, here is my form just to get you updated on the $_POST variables

<form action="PHPTest.php" method="post">
Username: <input type="text" name="user" />
<br/>
Message: <input type="text" name="msg" />
<br/>
<input type="submit" value="Speak up" />
</form>
<br/>

rocknbil

WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4054737 posted 3:39 am on Jan 6, 2010 (gmt 0)

"$_POST will be visible to every person that connects"

Can you tell us where you saw that?

"Visible to everyone that connects" doesn't make a lot of sense. It is posted to a location, a script, only the script receives the posted data. $_POST data is only visible to everyone if you print it out to a browser.

To test your posted input, at the top of the script you are posting to,

<?php
echo $_POST['user'] . "<br>" . $_POST['msg'];

I get "access denied" when I connect to my website.

It's right here, most likely.

$con = mysql_connect("localhost:3306");
if(!$con)
{
die('Failed to conect: ' . mysql_error());
}

You've connected, but to what database? I see you go on to attempt to create a database, but most hosts won't allow it, the script has to have root access.

You generally create an empty database via command line or a web interface, assign a user for the database, assign privileges to that user, then make the connection.

Create mySQL user syntax [dev.mysql.com]
Grant, Assigning user privileges [dev.mysql.com]

A typical connection method,

<?php
define('DB','the_database_name');
define('DBHOST','localhost');
define('DBUSER','the_database_user');
define('DBPASSWORD','Th3D@+@baSPa$$');

$link = mysql_pconnect(DBHOST,DBUSER,DBPASSWORD) or die ("Could not connect to database");
mysql_select_db(DB,$link);
?>

Save that as "db-connect.php" or something. Then in your script,

require_once("db-connect.php");

header("content-type:text/html");

$select = "select * from tablename";

$result=mysql_query($select);
if (!$result) { die("Cannot query table tablename: " . mysql_error()); }
while ($row=mysql_fetch_array($result)) {
echo '<p>' . $row[0] . ' ' . $row[1] . '</p>'; // or by field name, $row['user'], $row['msg'], etc
}

mysql_free_result($result);

Once your database is created, your script will be able to add tables to it (if you've given them those privileges) and make queries, but unless you are root on the box and can assign root privileges to the script, your script won't be able to create databases.

Club559



 
Msg#: 4054737 posted 4:45 am on Jan 6, 2010 (gmt 0)

Can you tell us where you saw that?

Ok, now I think it said: "It's always visible to the person that connects", meaning it's like a cookie.

Also, I dont quite get the CREATE USER thing. Could you give me a simple example that would allows users to create/add to tables that I can edit the name and pass of?

StoutFiles

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4054737 posted 5:00 am on Jan 6, 2010 (gmt 0)


$sqlTwo = "INSERT INTO Messages (Message, User) VALUES ('$_POST[msg]','$_POST[user]')";
if(!mysql_query($sqlTwo,$con))
{
die('Error: ' . mysql_error());
}

This is very dangerous. If you don't examine your POST variables before you use them in mysql queries you will eventually have your tables dropped or riddled with spam.

rocknbil

WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4054737 posted 8:35 pm on Jan 6, 2010 (gmt 0)

Also, I dont quite get the CREATE USER thing.

mySQL is designed to be connected to locally, or remotely.

Like any connection service, validation is required. So you have to create a user for your database, with a password. This "user" is your scripts. You are confusing "users of your website" with the mysQL user connecting to it.

So using the previous examples, your scripts are connecting to your database as user "the_database_user" with a password "Th3D@+@baSPa$$". This has nothing to do with "real people" connecting to your site. Those people will be using your scripts and you will create database entries to contain site user data.

Could you give me a simple example that would allows users to create/add to tables that I can edit the name and pass of?

Not really, you have to figure out how to connect first. :-) You're on the right track (sort of) with the select statements you have there, when someone signs up you accept data from post, enter it into the database, then write scripting to validate them when they log in.

You need to get some basics down first. It's not a copy and paste thing.

Club559



 
Msg#: 4054737 posted 11:15 pm on Jan 6, 2010 (gmt 0)

You need to get some basics down first. It's not a copy and paste thing.

I know, I took the PHP and MySQL tutorials at w3schools.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / New To Web Development
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved