I am building a simple mobile app with Framework7 and Phonegap that submits form data to a database. I have created a form POST according to the F7 docs to a POST test server as follows:
<form action="https://ptsv2.com/t/c1i9p-1580217375/post" method="POST" class="form-ajax-submit">
I can see in the console that the form data looks correct and the test server is also receiving the data:
I am now trying to create a connection to phpMyAdmin running locally so that I can POST the data somewhere. My HTML has changed to:
<form action="/php/form-data.php" method="POST" class="form-ajax-submit">
And the php file is as follows:
<?php
$servername = "localhost";
$database = "test";
$username = "root";
$password = "";
//Create connection
$conn = mysqli_connect($servername, $username, $password, $database);
//Insert generic variables into table for testing
$sql = "INSERT INTO meeting (first_name, surname, email)
VALUES ('John', 'Doe', 'johndoe#gmail.com')";
mysqli_close($conn);
The POST now fails and I am getting the following error in the console:
POST http://myIP:55/php/form-data.php 404 (Not Found)
If I click on the above link the php file in question downloads to my PC, so I don't think it's actually an issue of not being able to find the file and rather something wrong with the php or database? It is my first time ever doing a POST request so please excuse any silly mistakes.
you need to install server for PHP e.g. Apache
Related
I am beginner with creating websites
I have already created a website by html and ccs
and also i created the database by my sql queries
Now still link the database with my website in xampp server
But I have no idea how to do it
I search google i found one explanation that told me to create db_connection.php file in htdocs where my website files located and import my database file to myphp admin
I did all these steps
I don't know what is the next step
should i write any codes in each page code of my website or not
I hope someone help me
I will really thankful for him/her
In your db_connection.php you should write
$dbServername = "localhost"; //if you use xampp, it will be localhost
$dbUsername = "yourUsername"; //standart login is root
$dbPassword = "yourPassword"; //standart password is none, so leave it empty
$dbName = "yourDbName"; //place your db name here
$conn = mysqli_connect($dbServername, $dbUsername, $dbPassword, $dbName);
Now you are connected to your db. Include this file where you need to perform query's.
I hope the title makes sense. I have a sort of social-networking site where on the profile page a HTML form will be submitted to a php file which will store the user input in a MySQL database using the username session variable created at the login, right now a simplified version looks like this:
HTML:
<html>
<body>
<form method='POST' action='destination.php'>
<input type='text' name='email'/>
<input type='text' name='location'/>
<input type='submit' value='Submit'/>
</form>
<body>
</html>
destination.php:
<?php
session_start();
$username = $_SESSION['username'] //from before (e.g. login)
//CONNECT TO MYSQL
$servername = "127.0.0.1";
$sqlusername = "root";
$sqlpassword = "*********";
$dbname = "**********";
$conn = new mysqli($servername, $sqlusername, $sqlpassword, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = $conn->prepare("insert into users(email, location) values(?, ?) where username=?");
$sql->bind_param("sss", $_POST['email'], $_POST['location'], $username);
$sql->execute();
$sql->close();
$conn->close();
?>
This works great, however I am running it on a developing machine and was wondering how it would actually work when multiple users will be posting forms at almost the same time, will the session get 'confused'? I am new at all this so I am not exactly sure how sessions work but is the above code safe? If not what can I do?
Sessions work by creating a unique identification(UID) number for each
visitor and storing variables based on this ID. This helps to prevent
two users' data from getting confused with one another when visiting
the same webpage.
When a session is started following things happen −
PHP first creates a unique identifier for that particular session
which is a random string of 32 hexadecimal numbers such as
3c7foj34c3jj973hjkop2fc937e3443.
A cookie called PHPSESSID is automatically sent to the user's computer
to store unique session identification string.
A file is automatically created on the server in the designated
temporary directory and bears the name of the unique identifier
prefixed by sess_ ie sess_3c7foj34c3jj973hjkop2fc937e3443.
When a PHP script wants to retrieve the value from a session variable,
PHP automatically gets the unique session identifier string from the
PHPSESSID cookie and then looks in its temporary directory for the
file bearing that name and a validation can be done by comparing both
values.
I have a PHP script to receive a html/txt data and store it into a MySQL database. The PHP is like this and is in the following path XXX.XXX.XX.158/myphp.php
<?php
$text = $_POST['data'];
$con = mysqli_connect('localhost','root',''); //DB connection
mysqli_select_db($con,'db1'); //DB selection
$sql = "INSERT INTO pages (page) VALUES ($text)";
mysqli_query($con,$sql);
?>
On the other hand, I need a BASH-CGI in other local IP (XXX.XXX.XX.157) to send the html/txt file. However, curl is not working for me and I dont know how to do this in pure bash.
#!/bin/bash
dir='Location: ../http/index.html'
#POST($dir) send(data)??
Is there any command or method so I can do this?
Thank you in advance
I want to send form data to a server online.
At the moment i'm using xampp so the username and password are 'root' and ''
If I was to put this online I would have to put my hosting login details. Is that correct?
Clearly that would be a very serious security issue as anybody could see it written in my process file.
I have found a lot of info about prepared statements to prevent SQL injection but nothing about how to hide username/password, which I would have thought would be a bigger thing.
Am I missing something essential about usernames/passwords?
(I am not trying to create user login accounts, just basic newsletter signup)
<?
// database details
$servername = 'localhost';
$username = 'username';
$password = 'password';
$database = 'database';
// form submission
$email=$_POST['email'];
// connect to database
mysql_connect($servername, $username, $password) or die(mysql_error());
mysql_select_db($database) or die(mysql_error());
mysql_query("INSERT INTO newsletter VALUES ('$email')");
Print "Your information has been successfully added to the database.";
mysql_close();
?>
Update:
Ok, so I have since included prepared statements into my code, and it now looks like this:
<?php
// database details
$servername = 'localhost';
$username = 'username';
$password = 'password';
$database = 'database';
// form submission
$email=$_POST['email'];
// Create connection
$conn = new mysqli($servername, $username, $password, $database);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// prepare and bind
$stmt = $conn->prepare("INSERT INTO scenariosubmission (Email) VALUES (?)");
$stmt->bind_param("s", $email);
$stmt->execute();
echo "New records created successfully";
$stmt->close();
$conn->close();
?>
My code should prevent SQL injection
So what I want to know is if I was to enter my username password database and upload this to the server, would those details be safe if I uploaded them like any other web page to public_html?
So when you move this to your hosting, the code will be something like this:
<?
// database details
$servername = 'localhost';
$username = 'your userid with your hosting company';
$password = 'hosting company provided mysql password';
$database = '';
Will that be a big security issue of everyone being able to see your MySQL password?
Not really, because only you and the people working for the hosting company should be able to see the PHP code. And the people working at the hosting company will have the root password to the database anyway, so they could look at what you have in the database without your particular mysql credentials.
But using <? rather than <?php may cause your code to be transmitted instead of run on some server setups. So if you upload it that way, initially some users may end up seeing the passwords you have in the code before you figure it out and fix it.
Another more serious issue than this is if the hosting company has you using phpmyadmin over http rather than https, because every time you login to it your credentials will be transmitted in plain text.
Well there a couple of things in play here.
Since you mentioned SQLi and considering you're using PHP + MySQL, you should look into doing prepared statements, by using the prepare(), bind() and execute() functions.
Second, even before thinking about putting something online or using SQL properly is to change the default username/password.
Now if you want to put your server online, I'm assuming you have a server or the credentials to someplace where you can ran either XAMP or configure its services by hand. Anyway, those credentials are the Database's, which are different from your host server login credentials.
As long as that .php file is properly secured on the server, it's common practice to have the username/password there in the file.
I have a php script that limits the amount of times people can download content on my site. I found this script by google searching and changed it a bit to get it working for me.
The problem is I don't know anything really about php. The first part of the script checks the referring page. When I copied the php script, it was set up to check a single URL. My problem is I want to reference the php script from multiple pages, because one page has flash on it, and another page I created for mobile phones that don't have flash. Because of this, the link only works on one page - the page with the url I replace in the script.
My question is, what is the code to include multiple URLs in the reference check? I don't know if it's something very simple, or if it's even possible.
Below is the part of the php script which checks the referring URL, and then proceeds to login to mySQL DB to begin the download.
$referer = $_SERVER['HTTP_REFERER'];
$keymatch= $_SESSION['key'];
$pass='key';
$md5value= md5($pass);
if (($referer=="my url containing php script link")&& ($keymatch==$md5value)) {
$username = "user";
$password = "password";
$hostname = "host";
$database = "database";
$dbhandle = mysql_connect($hostname, $username, $password)
or die("Unable to connect to MySQL");
$selected = mysql_select_db($database,$dbhandle)
or die("Could not select $database");
Thanks in advance for any help.
-Richard
Rather than checking referer matches on one link:
if (($referer=="my url containing php script link")...
Create an array of links and match against that:
$referers = array('link1', 'link2','link3');
if((in_array($referer, $referers)...