Welcome to WebmasterWorld Guest from 54.196.232.162

Forum Moderators: brotherhood of lan & mack

Message Too Old, No Replies

Server-Sided PHP Websites

The title explains it.

     
8:29 pm on Jan 5, 2010 (gmt 0)

New User

5+ Year Member

joined:Jan 5, 2010
posts:4
votes: 0


How do I make a server-sided PHP website?
$_POST['var'] isnt working :(
10:35 pm on Jan 5, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


Welcome aboard Club559, here's a good start [w3schools.com]. Once you get through the tutorials there, be sure to return here and review topics on security and best programming practices.
11:41 pm on Jan 5, 2010 (gmt 0)

New User

5+ Year Member

joined:Jan 5, 2010
posts:4
votes: 0


I know. I took that, and it said:

"$_POST will be visible to every person that connects"

2:39 am on Jan 6, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:May 6, 2008
posts:2011
votes: 0


How about you show some code of the page where you post the variable in a form and the page where you retrieve the post variable?
2:50 am on Jan 6, 2010 (gmt 0)

New User

5+ Year Member

joined:Jan 5, 2010
posts:4
votes: 0


Wait, just finished a MySQL connection for it. Now there's another problem. I get "access denied" when I connect to my website.
Here's my code:

<?php
$con = mysql_connect("localhost:3306");
if(!$con)
{
die('Failed to conect: ' . mysql_error());
}

if(!mysql_query("CREATE DATABASE testDB",$con))
{
echo('Failed to create database: ' . mysql_error());
}

mysql_select_db("testDB",$con);
$sql = "CREATE TABLE Messages ( msgID int NOT NULL AUTO_INCREMENT, PRIMARY KEY(msgID), Message tinytext, User tinytext, )";
mysql_query($sql,$con);

$sqlTwo = "INSERT INTO Messages (Message, User) VALUES ('$_POST[msg]','$_POST[user]')";
if(!mysql_query($sqlTwo,$con))
{
die('Error: ' . mysql_error());
}

$result = mysql_query("SELECT * FROM Messages");

while($row = mysql_fetch_array($result))
{
echo $row['User'] . ": " . $row['msg'];
echo "<br />";
}
?>

2:52 am on Jan 6, 2010 (gmt 0)

New User

5+ Year Member

joined:Jan 5, 2010
posts:4
votes: 0


Also, if you need it, here is my form just to get you updated on the $_POST variables

<form action="PHPTest.php" method="post">
Username: <input type="text" name="user" />
<br/>
Message: <input type="text" name="msg" />
<br/>
<input type="submit" value="Speak up" />
</form>
<br/>

3:39 am on Jan 6, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


"$_POST will be visible to every person that connects"

Can you tell us where you saw that?

"Visible to everyone that connects" doesn't make a lot of sense. It is posted to a location, a script, only the script receives the posted data. $_POST data is only visible to everyone if you print it out to a browser.

To test your posted input, at the top of the script you are posting to,

<?php
echo $_POST['user'] . "<br>" . $_POST['msg'];

I get "access denied" when I connect to my website.

It's right here, most likely.

$con = mysql_connect("localhost:3306");
if(!$con)
{
die('Failed to conect: ' . mysql_error());
}

You've connected, but to what database? I see you go on to attempt to create a database, but most hosts won't allow it, the script has to have root access.

You generally create an empty database via command line or a web interface, assign a user for the database, assign privileges to that user, then make the connection.

Create mySQL user syntax [dev.mysql.com]
Grant, Assigning user privileges [dev.mysql.com]

A typical connection method,

<?php
define('DB','the_database_name');
define('DBHOST','localhost');
define('DBUSER','the_database_user');
define('DBPASSWORD','Th3D@+@baSPa$$');

$link = mysql_pconnect(DBHOST,DBUSER,DBPASSWORD) or die ("Could not connect to database");
mysql_select_db(DB,$link);
?>

Save that as "db-connect.php" or something. Then in your script,

require_once("db-connect.php");

header("content-type:text/html");

$select = "select * from tablename";

$result=mysql_query($select);
if (!$result) { die("Cannot query table tablename: " . mysql_error()); }
while ($row=mysql_fetch_array($result)) {
echo '<p>' . $row[0] . ' ' . $row[1] . '</p>'; // or by field name, $row['user'], $row['msg'], etc
}

mysql_free_result($result);

Once your database is created, your script will be able to add tables to it (if you've given them those privileges) and make queries, but unless you are root on the box and can assign root privileges to the script, your script won't be able to create databases.

4:45 am on Jan 6, 2010 (gmt 0)

New User

5+ Year Member

joined:Jan 5, 2010
posts:4
votes: 0


Can you tell us where you saw that?

Ok, now I think it said: "It's always visible to the person that connects", meaning it's like a cookie.

Also, I dont quite get the CREATE USER thing. Could you give me a simple example that would allows users to create/add to tables that I can edit the name and pass of?

5:00 am on Jan 6, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:May 6, 2008
posts:2011
votes: 0



$sqlTwo = "INSERT INTO Messages (Message, User) VALUES ('$_POST[msg]','$_POST[user]')";
if(!mysql_query($sqlTwo,$con))
{
die('Error: ' . mysql_error());
}

This is very dangerous. If you don't examine your POST variables before you use them in mysql queries you will eventually have your tables dropped or riddled with spam.

8:35 pm on Jan 6, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


Also, I dont quite get the CREATE USER thing.

mySQL is designed to be connected to locally, or remotely.

Like any connection service, validation is required. So you have to create a user for your database, with a password. This "user" is your scripts. You are confusing "users of your website" with the mysQL user connecting to it.

So using the previous examples, your scripts are connecting to your database as user "the_database_user" with a password "Th3D@+@baSPa$$". This has nothing to do with "real people" connecting to your site. Those people will be using your scripts and you will create database entries to contain site user data.

Could you give me a simple example that would allows users to create/add to tables that I can edit the name and pass of?

Not really, you have to figure out how to connect first. :-) You're on the right track (sort of) with the select statements you have there, when someone signs up you accept data from post, enter it into the database, then write scripting to validate them when they log in.

You need to get some basics down first. It's not a copy and paste thing.

11:15 pm on Jan 6, 2010 (gmt 0)

New User

5+ Year Member

joined:Jan 5, 2010
posts:4
votes: 0


You need to get some basics down first. It's not a copy and paste thing.

I know, I took the PHP and MySQL tutorials at w3schools.

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members