I am still new in HTML5 and barely starting out. I did HTML for awhile as a module for my school and did a simple "online-shopping" site where I can use JSP files to communicate with my server. However HTML5 is an entirely whole new ball game for me, I hope the Stackoverflow community would be able to help me out with my queries.
So, I did some reading up on websockets however I am really lost in this area. I know what websockets does but I am not entirely sure what it is. For example, in the examples I have read, they only taught me how to create a new websocket object or how to have a connection between this websocket object, and there is supposed to be a url. An example of the code is this,
var Socket = new WebSocket(url, [protocal] );
So what exactly do I fill in the "url" area? Do I simply put the IP of my server or do I have to direct it to some php or html file, etc? I have downloaded WAMP and I would like to use apache as my server. Is this possible or do I have to use something like node.js? In a way I have no idea what "websocket" really means. Is a "server" or a feature within the "server" or a package which bridges the connection between the server?
And also are there other alternatives to using something similar to JSP in HTML5 for server data storage?
Thanks in advance for any replies.
The most basic way to connect to any database is by using MySQL which is a range of functions built into PHP.
Here is a function database_connect()
public function database_connect($database_location, $database_user, $database_password, $database_name) {
mysql_connect($database_location, $database_user, $database_password) or die(mysql_error());
mysql_select_db($database_name) or die(mysql_error());
}
Just paste this function at the top of your page or in an include file, and then connect to your database by calling it in one line:
database_connect('localhost', 'username', 'password', 'database');
This is the simplest way to connect to an SQL database, I hope this is what you were looking for! Remember that this code is in PHP
Related
I have been developing a plugin for Wordpress and I am stuck at point where I have to connect my plugin to a database remotely.
I know the procedural way of estabilishing the connection to a database which looks something like this $link = mysqli_connect("hostname", "username", "password", "database");
The $link variable will either return true or false depending on connection status, in my case the plugin is not allowed to connect to my MySQL server due to Administrator restrictions.
I have few questions regarding this.
What do you do in cases like these? If one enables the access via MySQL dashboard on a single database to make the connection, would that make a database vulnerable to injections or less protected?
If the previous is the right way, how do you pass the parameters properly to a function without revealing the plain credentials?
Is there any other way to implement this logic to get the needed data that plugin requires?
P.S. I have already tried looking up here for an answer without luck, the PHP documentation also did not help.
So I'm brand spanking new to mysql and php.
I'm set up with Mysql workbench and I'm practicing building a site using Notepad++ and just run it through Chrome. All I want to do is create a sign up page, which I'm assuming I use a .php page on the site, where it would be a username and password. That's it. I can't seem to find any tutorials on how to connect mysql to the .php page, or how to create a sign in page. Any help would be appreciated!
Welcome to PHP!
Typically a connection is established on a PHP page with something along the lines of this:
$conn = mysqli_connect("localhost","[username]","[password]","[databasename]") or die("Error " . mysqli_error($conn));
The "or die" will produce an error if there's a problem establishing a connection. Also, this uses the newer "mysqli_" method for connection; make sure when you call this connection in future that you use mysqli_ methods (there are still traditional "mysql_" methods available, but are depreciated).
Hope this helps!
M
here you go you, here you can find a way to properly connect to the database as well as all the data you need to get set up with your signup form
http://mrbool.com/how-to-create-a-sign-up-form-registration-with-php-and-mysql/28675
I have a few general questions I would like to have a better understanding on.
For a project I have been spending my free time on, I am attempting to display a ladder-based rankings table for a weekly-based chess tournament on a website. To do this, I have created a MYSQL database to hold each player's wins/losses/tournament wins. I understand that in order to display this data onto a html-based website, I need to use php to connect the database and the site.
I also have a very shallow understanding of php as a server-side language, and not a client-side one. Basically to me, this means that php can only be understood by the online server hosting the site, and not by the web browser (such as Google Chrome) itself. Consequently, this means that I can't simply run a .php file by opening it in Notepad++ and choosing "Run in Chrome". That will not work - I can only test php files by first saving them into the website directory and viewing them online. Is this the correct way of thinking about this?
My second question is more straightforward - and it involves the steps required to connect my website and the MYSQL server. Here is my first attempt:
<?php
//Connect to database
$db = mysql_connect("a2412233_ss","a2412233_ss", 'My_Password');
if (! $db){
die("Database connection failed: " . mysql_error());
}
else
echo("Success!");
?>
<html>
<head>
<Title> MySQL Table Connection </Title>
</head>
<body>
</body>
</html>
Two problems with this that I would love to get cleared up:
1) When I click the link to this file from my index.html on the website, the php file downloads rather than opening up on the browser window like a normal webpage should. So clearly something is wrong there.
2) Secondly, I am uncomfortable with the fact that written this way, anyone can view my database info/password by viewing this page source. So there has to be a better way of doing this where that php isn't visible by viewing the source.
Thank you all for the clarification and kick in the right direction! Slowly getting this html/MYSQL/php stuff figured out.
In regards to your first question, Yes that is correct, as it is server side and not client side, you can only view your php page if the code is running through a host.
I would recommend looking into getting XAMPP, which is a piece of software which allows you to use a local host to more quickly test out your code, this also comes with a free MySQL database (for local use only, but still serves a good purpose for testing). But anyway, you can look up on youtube tutorials on how to get XAMPP set up, it's not that complicated, and will save you tons of time when testing out your code, as it's then just as simple as editing your code, hitting the save button and then you can view the changes straight away in your browser.
Also I'd like to point out that you should rename your index.html to index.php, otherwise your browser won't/may not recognise your php code.
In regards to your second question, mysql_connect is generally an older way of connecting to the database, and a lot of people may advice you to avoid it, but I suppose it will do no harm at all to connect to a database this way, yet again, for this question you should be able to find many tutorials on youtube to help you set up your database and connect to it using a php script.
Oh and one last thing, to get rid of your doubts, as PHP is server side, it means that if someone was to 'view source code', they will not be able to see any of your PHP code, all they will see if the HTML and CSS code (or any other client side code), and therefore your username and passwords for your database are entirely safe.
EDIT: I'd also recommend looking at this PHP manual to pick up some of the basics of the language: http://php.net/manual/en/index.php
I have a conenct.php file that has $server, $user, $pass, $db
It seems like its trying to connect to a sql server.$conn
They also provided FTP information for me. (I'm not sure how I have to use this)
The instructions are to create a website from an illustrator file they created (which I have no problem doing). Then I have to collect name and email information and send it through. I'm not sure how I'm supposed to use the connect.php and FTP information to do that. Also, wouldn't the name/email have to be called something specific? I know this post might be a bit confusing. Let me know if I can clear anything up for you.
Thanks for the help!
Basically, I'm not sure I know what to do with the files they sent. I think I probably have to do a form action to the connect.php?
I checked in the FTP. All there is is a robots.txt and a .htaccess file
This can help get you started as to what to do with those connect.php variables. However, if you're just beginning PHP/MySQL dev, you'll have a bit more than this one page to read: http://php.net/manual/en/mysqli.quickstart.connections.php
Ok , so many people are asking this question, and there are many approaches on how to make the connection to DB secure,
Now I did some googling , many suggest, putting the connection to DB code in a file outside the html_public , and to call it from there when I need to make a connection.
to be honest, am happy with what I have, though I'm not sure how secure it is,
this is how I connect to the DB:
first, I make sure all inputs are fully escaped and validated...
after , in the same page , i make the connection, for example:
mysql_connect("localhost","Admin","Password") or
die ("DB Connection Error");
mysql_select_db("Users") or die ("DB Error");
and the rest of the code after, I close the mysql connection.
Now , It just don't feel right that the DB user info are written in the page, but how can someone (a "hacker") , get this info?
I mean , all inputs are fully escaped and validated, the users I use have very limited previleges, like select and update... only.
Is this secure?? and if not, can u please suggest a more secure way?
Thank you very much for ur help in advance :)
shady
The reason you should consider putting this file outside the web root is that some hosting providers have temporarily stopped interpreting PHP from time to time (due to configuration faults, often after an update on their part). The code will then get sent in clear text and the password will be out in the wild.
Consider this directory structure, where public_html is the web root:
/include1.php
/public_html/index.php
/public_html/includes/include0.php
Now consider this index.php:
<?php
include('includes/include0.php');
do_db_work_and_serve_page_to_visitor();
?>
If the web server starts serving this file in the open, it won't take long before someone tries to download include0.php. Nobody will be able to download include1.php, however, because it's outside the web root and therefore never handled by the web server.
I've personally not heard of a hosting provider not interpreting PHP, leading to your php source code going public. I just did a quick test on this on a RHEL5-Based server without php installed, and just got back a blank page when trying to access a php document.
mysql_* functions have become deprecated with the latest releases of php, and are now moving towards mysqli, as an overall more efficient and secure solution; I'd recommend taking a look into that; http://php.net/manual/en/book.mysqli.php - there's no deprecation errors or anything of the sort yet in PHP5.4 for using plain mysql_ functions, but if you're looking to keep on top of things, take a look into mysqli.
As for a quick answer to your above question, to be honest, I'd see that method as reasonably secure. Just make sure you've got escape chars etc set up, and I don't think you'll run into any issues.
Edit: Some people have posted that in very rare cases, some providers can leak your php source code in this manner. If this is the case, my first advice would be to switch provider.. but using an include_once to load your db info from another php file/lib would be a quick workaround for this. But again, if your provider's setup does allow for leaks such as these, I would be more concerned about their security than yours.
You can have php grab your DB password from a text file stored outside of the public webspace (using fopen), but I personally don't see any real reason for doing this.
Best of luck!
Eoghan
The best pratice is to use PHP PDO instead of the old mysql API.
Take a look: http://php.net/manual/en/ref.pdo-mysql.connection.php
Also, here's an interesting article: http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/