I just started reading up on PHP with mySQL, and I am just on the first page (http://php.about.com/od/phpwithmysql/ss/mysql_php.htm) and it says that I connect to my database within my PHP code by supplying my username and password.
My question is, would this not leave my password exposed for anyone to then access my database?
Now I have not learned yet if this connection code is written in a separate php file, or in php inbedded into my html code, but aren't all my files (php, css, js), all available anyways; otherwise how would people's browsers be able to see the results?
Thanks,
-Adrian
No. PHP is processed on the server-side, and is never sent (insecure application not withstanding) to the browser. You might also check out CodeAcademy's PHP track. I think that would probably be a better guide for you!
Php is server side language. It runs on your server so it wont be visible. (Unless you use any echo's or print ) :D
Related
Is it safe to put php code for accessing a database in the same script that we have wrote the form? For example $_PHP_SELF...? I mean the fact that we stop need another script from a server (that no none can read)and using the same code on the same file doesnt this make everyone able to see the code and our passwords
for example mysqli_connect("server","asdfsa",code"......
thanks...
After realising that my web server wouldn't run php inside my html file I used an iframe which points to my php script.
It works as expected and now my site has a nice little comment form that the user can fill in and submit.
I opted for this instead of changing my hhtpd.conf because I don't think my web host allows it.
So my question is; is there any real danger of doing this? If the comment.php file were to mysteriously disappear an error would appear in my html which wouldn't affect the rest of my code. I can't think of any drawbacks unless there some server overhead I'm unaware of.
Any information would be welcomed.
Cheers!
If they (the html and php files) are located on the same server — should be no danger.
Just to clarify :
If you can 'run' the php in an iFrame, then you're able to run it in the main frame as well. the php that is generated for your iframe could as well be generated for the main frame.
So, no, there is no danger at at, but no, you don't need an iframe, I think you misunderstood somehow how php is working.
There is no php in html, php is (simplified) used in 2 scenarios :
first is to generate html that will be sent to the web browser,
the second is a script, that doesn't render any php but affects some internal files, like databases and such.
I am a complete PHP novice and I am just trying to write a simple web form and script that checks to see if the input matches a specific string. I have got that working no problem and just want to know if there is some way for the web form user to parse the script code and see what I am comparing to, therefore revealing the secret message to them.
Thanks in advance.
If there is a missconfiguration with your apache server, then it is a possibility. But other than that, PHP is server-sided scripting and will remain visible to only the server/FTP users.
ive got a script i need to load into a page but its sensitive so i dont want to have to reveal the source of the script. Im aware that js runs client side, but is there some way i could load it server side with php / or just embed it server side to still be run on the users system ?
The script itself is a simple external js script like this :
<script type="text/javascript" src="myscripts.js"></script>
cheers
If you want your browser to run a script, it must receive the source code for that script. Your statement "embed the script server side" doesn't make much sense, nor does "loading it server side with .php". Either the browser receives the script code to execute (and thus, it is visible to the end-user), or it doesn't.
You can try using various obfuscation methods to make the source code harder to understand, but anyone with sufficient determination will get around this.
You could conceal the source location of the script that way, but not the source code. If you want it to execute on the client then you must sent it to the client. If you send it to the client then the user can execute it. Don't put secret business logic on the client side, handle it server side.
No there is not. The best you can do is to obfuscate your code to make it hard to reverse-engineer for non experienced user.
I have been doing some research on mobile websites, and thus far it seems to me that PHP is not supported by most handsets.
I am trying to create multiple form's that lead up to a auto email response, which would be fairly simple if I could use PHP.
Is there any other way of achieving this?
PHP is server side language, your server has to be support for it. handsets should support html or whatever you output with php.
PHP is usually executed on the server, not the handset itself, so the question is more if your PHP spits out HTML unsuited for a handset.
Yes - its perfectly possible to write WML using PHP, only vaveat is that you need to add a custom header to set the mimetype if your default behaviour for PHP files is to return text/html. And, of course you need to understand WML - which is quite different from HTML.
These days a lot of handhelds can now cope with HTML although don't expect javascript.
PHP is not supported by most handsets
Eh? What's that got to do with it? PHP runs on the server - not on the client.
C.
Have a read up on the basic request/response cycle for a web page.
Assuming by "mobile website" you mean "a normal website that is tailored for display on a mobile device" the answer is that PHP runs on the server not the client, the client only displays HTML given to it by the server.