Server-Sided PHP Websites

The title explains it.

   
8:29 pm on Jan 5, 2010 (gmt 0)

5+ Year Member



How do I make a server-sided PHP website?
$_POST['var'] isn't working :(

8:35 pm on Jan 5, 2010 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Welcome aboard Club559, here's a good start [w3schools.com]. Once you get through the tutorials there, be sure to return here and review topics on security and best programming practices.

11:41 pm on Jan 5, 2010 (gmt 0)

5+ Year Member



I know. I took that, and it said:

"$_POST will be visible to every person that connects"

2:39 am on Jan 6, 2010 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



How about you show some code of the page where you post the variable in a form and the page where you retrieve the post variable?

2:50 am on Jan 6, 2010 (gmt 0)

5+ Year Member



Wait, just finished a MySQL connection for it. Now there's another problem. I get "access denied" when I connect to my website.
Here's my code:

<?php
// Connect to the local MySQL server (no user name or password supplied).
$con = mysql_connect("localhost:3306");
if (!$con)
{
    die('Failed to connect: ' . mysql_error());
}

if (!mysql_query("CREATE DATABASE testDB", $con))
{
    echo('Failed to create database: ' . mysql_error());
}

mysql_select_db("testDB", $con);
$sql = "CREATE TABLE Messages ( msgID int NOT NULL AUTO_INCREMENT, PRIMARY KEY(msgID), Message tinytext, User tinytext )";
mysql_query($sql, $con);

// Store the submitted form fields.
$sqlTwo = "INSERT INTO Messages (Message, User) VALUES ('$_POST[msg]','$_POST[user]')";
if (!mysql_query($sqlTwo, $con))
{
    die('Error: ' . mysql_error());
}

// List every stored message.
$result = mysql_query("SELECT * FROM Messages");

while ($row = mysql_fetch_array($result))
{
    echo $row['User'] . ": " . $row['Message'];
    echo "<br />";
}
?>

2:52 am on Jan 6, 2010 (gmt 0)

5+ Year Member



Also, if you need it, here is my form just to get you updated on the $_POST variables

<form action="PHPTest.php" method="post">
Username: <input type="text" name="user" />
<br/>
Message: <input type="text" name="msg" />
<br/>
<input type="submit" value="Speak up" />
</form>
<br/>

3:39 am on Jan 6, 2010 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member



"$_POST will be visible to every person that connects"

Can you tell us where you saw that?

"Visible to everyone that connects" doesn't make a lot of sense. It is posted to a location, a script; only the script receives the posted data. $_POST data is only visible to everyone if you print it out to a browser.

To test your posted input, at the top of the script you are posting to,

<?php
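// Escape before printing so the submitted text is shown as text, not interpreted as HTML.
echo htmlspecialchars($_POST['user']) . "<br>" . htmlspecialchars($_POST['msg']);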

I get "access denied" when I connect to my website.

It's right here, most likely.

$con = mysql_connect("localhost:3306");
if(!$con)
{
die('Failed to connect: ' . mysql_error());
}

You've connected, but to what database? I see you go on to attempt to create a database, but most hosts won't allow it; the script has to have root access.

You generally create an empty database via command line or a web interface, assign a user for the database, assign privileges to that user, then make the connection.

Create MySQL user syntax [dev.mysql.com]
Grant, Assigning user privileges [dev.mysql.com]

A typical connection method,

<?php
define('DB','the_database_name');
define('DBHOST','localhost');
define('DBUSER','the_database_user');
define('DBPASSWORD','Th3D@+@baSPa$$');

$link = mysql_pconnect(DBHOST,DBUSER,DBPASSWORD) or die ("Could not connect to database");
mysql_select_db(DB,$link);
?>

Save that as "db-connect.php" or something. Then in your script,

require_once("db-connect.php");

header("content-type:text/html");

$select = "select * from tablename";

$result=mysql_query($select);
if (!$result) { die("Cannot query table tablename: " . mysql_error()); }
while ($row=mysql_fetch_array($result)) {
// Escape stored values on output; or read them by field name, $row['user'], $row['msg'], etc
echo '<p>' . htmlspecialchars($row[0]) . ' ' . htmlspecialchars($row[1]) . '</p>';
}

mysql_free_result($result);

Once your database is created, your script will be able to add tables to it (if you've given them those privileges) and make queries, but unless you are root on the box and can assign root privileges to the script, your script won't be able to create databases.

4:45 am on Jan 6, 2010 (gmt 0)

5+ Year Member



Can you tell us where you saw that?

Ok, now I think it said: "It's always visible to the person that connects", meaning it's like a cookie.

Also, I don't quite get the CREATE USER thing. Could you give me a simple example that would allow users to create/add to tables that I can edit the name and pass of?

5:00 am on Jan 6, 2010 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member




$sqlTwo = "INSERT INTO Messages (Message, User) VALUES ('$_POST[msg]','$_POST[user]')";
if(!mysql_query($sqlTwo,$con))
{
die('Error: ' . mysql_error());
}

This is very dangerous. If you don't examine your POST variables before you use them in mysql queries you will eventually have your tables dropped or riddled with spam.
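
The warning in the post above, as an added example that is not part of the original thread: the same INSERT written with string concatenation and then with input validation, a prepared statement and escaped output. It assumes PDO with an in-memory SQLite database standing in for MySQL; the `$post` array is constructed sample input in place of `$_POST`, and the function names are hypothetical.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for the thread's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Messages (
    msgID   INTEGER PRIMARY KEY AUTOINCREMENT,
    Message TEXT,
    User    TEXT
)');

// Constructed sample input standing in for $_POST['user'] and $_POST['msg'].
$post = ['user' => "O'Brien", 'msg' => "it's <b>working</b>"];

// Unsafe: the thread's pattern. Input is pasted into the SQL text, so the
// apostrophe ends the string literal and the remainder is parsed as SQL.
function insertConcatenated(PDO $pdo, array $post): string
{
    $sql = "INSERT INTO Messages (Message, User) VALUES ('{$post['msg']}','{$post['user']}')";
    try {
        $pdo->exec($sql);
        return 'stored';
    } catch (PDOException $e) {
        return 'query broken by input: ' . $e->getMessage();
    }
}

// Safe: the statement text is fixed; values travel separately as bound parameters.
function insertPrepared(PDO $pdo, array $post): void
{
    // Validate before use: both fields required, tinytext holds at most 255 bytes.
    foreach (['user', 'msg'] as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || $value === '' || strlen($value) > 255) {
            throw new InvalidArgumentException("Invalid $field");
        }
    }
    $stmt = $pdo->prepare('INSERT INTO Messages (Message, User) VALUES (:msg, :user)');
    $stmt->execute([':msg' => $post['msg'], ':user' => $post['user']]);
}

echo insertConcatenated($pdo, $post), "\n";
insertPrepared($pdo, $post);

// Escape on output so stored markup is displayed as text, not run as HTML.
foreach ($pdo->query('SELECT User, Message FROM Messages') as $row) {
    echo htmlspecialchars($row['User'], ENT_QUOTES, 'UTF-8'), ': ',
         htmlspecialchars($row['Message'], ENT_QUOTES, 'UTF-8'), "<br />\n";
}
```

The concatenated call fails with a syntax error because the input was parsed as part of the statement; the prepared call stores the same text unchanged, and only that one row is listed.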

8:35 pm on Jan 6, 2010 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Also, I don't quite get the CREATE USER thing.

MySQL is designed to be connected to locally, or remotely.

Like any connection service, validation is required. So you have to create a user for your database, with a password. This "user" is your scripts. You are confusing "users of your website" with the MySQL user connecting to it.

So using the previous examples, your scripts are connecting to your database as user "the_database_user" with a password "Th3D@+@baSPa$$". This has nothing to do with "real people" connecting to your site. Those people will be using your scripts and you will create database entries to contain site user data.

Could you give me a simple example that would allow users to create/add to tables that I can edit the name and pass of?

Not really, you have to figure out how to connect first. :-) You're on the right track (sort of) with the select statements you have there; when someone signs up you accept data from post, enter it into the database, then write scripting to validate them when they log in.

You need to get some basics down first. It's not a copy and paste thing.

11:15 pm on Jan 6, 2010 (gmt 0)

5+ Year Member



You need to get some basics down first. It's not a copy and paste thing.

I know, I took the PHP and MySQL tutorials at w3schools.