View Full Version : creating sql form



die-trying
11-06-2012, 03:01 PM
Hi guys..
I built two scripts. I'm a beginner in PHP. I need some help.

My first script is to add students' details to the database; that I have done..

Here is my first problem..


<?php

// connect to database

$h = $_POST['host']; // database_name
$u = $_POST['user']; // database_user
$p = $_POST['pass']; // database_pass



echo

"<form method='POST' action='SQL.php' />
Hostname : <input type='text' name='host' /><br />
Username : <input type='text' name='user' /><br />
Password : <input type='text' name='pass' /><br />
<input type='submit' value='Login' />

</form>";

I'm not good at English, sorry.

After creating the form.. we should make certain steps, right, to allow login to the database; here is my problem.

Someone please explain it to me in a simple way to understand.

Thank you

traq
11-06-2012, 09:05 PM
What you're doing here will require the user to 1) know the database credentials, and 2) enter them on every request.

Some things to consider with this approach:

1) You should limit the number of people that you pass out DB usernames/passwords to
2) It would be a good idea for this account to have limited privileges (in case the username/password is leaked)
3) You should use SSL to make sure the username/password cannot be stolen during the transaction.

A more common approach is to store the database credentials in the script (or in a secure file on your server). Your users would log in to your site before being allowed to update the database.

To answer your questions (if I understand correctly):
<?php

//------------------ connect to database
# no, this does not create a database connection.
# this only gets the host/username/password from the form
# (IF the form was submitted - if not, it will create an error).

$h = $_POST['host']; // database_name
$u = $_POST['user']; // database_user
$p = $_POST['pass']; // database_pass



echo

"<form method='POST' action='SQL.php' />
Hostname : <input type='text' name='host' /><br />
Username : <input type='text' name='user' /><br />
Password : <input type='text' name='pass' /><br />
<input type='submit' value='Login' />

</form>";

You might try something like this instead:
<?php

// decide what to do

// if the form was submitted
if( !empty( $_POST ) ){
    // check each value:
    // if the value is not empty, use it: if not, leave it blank
    $h = !empty( $_POST['host'] )? $_POST['host']: '';
    $u = !empty( $_POST['user'] )? $_POST['user']: '';
    $p = !empty( $_POST['pass'] )? $_POST['pass']: '';

    // one thing you're missing is the name of the database you wish to use.
    // for my example, I'll assume it's named "student".
    $d = "student";

    // connect to the database.
    $DB = new mysqli( $h,$u,$p,$d );

    // check for connection errors:
    if( $DB->connect_error ){
        // during development, you want to see the error message.
        // when your site is live, you should NEVER show error messages,
        // and you should NEVER use `exit` (or `die`) for error handling.
        exit( $DB->connect_error );
    }

    // now you are connected to the database.

}
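
Added example (not part of traq's post or anyone else's in the thread): a sketch of the "more common approach" described above, with the database credentials kept in a file on the server, visitors logging in to the site instead of to MySQL, and connection errors logged rather than shown. The config path, the `student_app` account, the ini keys and the `user_id` session key are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread.
// Assumptions: /etc/studentapp/db.ini is a hypothetical path outside the web
// root, readable only by the web server user, with constructed contents like:
//   host = localhost
//   user = student_app      ; MySQL account with limited privileges
//   pass = "change-me"
//   name = student
// $_SESSION['user_id'] is a hypothetical key set by the site's own login page.

function db_connect(string $iniPath): ?mysqli
{
    $cfg = is_readable($iniPath) ? parse_ini_file($iniPath) : false;
    foreach (['host', 'user', 'pass', 'name'] as $key) {
        if ($cfg === false || !isset($cfg[$key])) {
            error_log("DB config missing or incomplete: $iniPath");
            return null;
        }
    }
    // Report failures through connect_error instead of warnings/exceptions.
    mysqli_report(MYSQLI_REPORT_OFF);
    $db = @new mysqli($cfg['host'], $cfg['user'], $cfg['pass'], $cfg['name']);
    if ($db->connect_error) {
        // Details go to the server log only, never to the visitor.
        error_log('DB connect failed: ' . $db->connect_error);
        return null;
    }
    $db->set_charset('utf8mb4');
    return $db;
}

session_start();

if (empty($_SESSION['user_id'])) {
    // Visitors log in to the site; they never see the DB credentials.
    http_response_code(403);
    echo 'Please log in first.';
    return; // ends the script without exit()/die()
}

$DB = db_connect('/etc/studentapp/db.ini');
if ($DB === null) {
    http_response_code(500);
    echo 'Sorry, something went wrong. Please try again later.';
    return;
}

// $DB is now connected; continue with the student form handling here.
```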