Help a beginner

[traq]

Wow, that makes a hell of a lot more sense. Now atleast I sort of see how it works together. However, I have put in my db details, when I load the page, it is blank, nothing happens. What do I fix?

Since the script produces output no-matter-what, I'd have to say that there's an error. As I said, I haven't tested it yet. I did update it this morning, since I discovered there was a missing function in the first post. You might try it again; make sure your copy of the script has the function connectToDB() defined.

However, if you didn't see any errors, you need to make sure error reporting is turned on. (Don't display errors on your live site, obviously, but during development it's essential to see every last error.)

PHP Code:

<?php
// very top of script
error_reporting( -1 );
ini_set('display_errors', '1');
//  . . .

[djr33]

Hackers could see the passwords. If it's just localhost it might make no difference, but if you ever use the same password for another account or if someone tries to access your personal computer remotely, it could be a problem. And there's never a reason for any of us here to see your passwords-- as long as you don't have a typo, they're never related to the code. (We can test with them anyway, so it's not important for us to have that part included-- good to see that you have the right code there, but not the username or password or even database name.) I suppose it's up to you; but as a habit we don't want to have passwords here for anyone to try to use against our members.

[bernie1227]

Why so bernie? I will keep it in mind for next time though.

As Daniel explained, if you out that same site/database on the web, and at some point provide a url to your site to fix a problem, then you are in massive trouble, you would have given far and away enough information to access your database. <Hypothetical>For example, you make a website online, you have a table called user_info, using the same password, you post a link to your site on this forum in order to ask for help, now any hacker can access the personal info of all your clients.</hypothetical> so just as a matter of practise, I wouldn't post information nine that could lead to your website being hacked

@traq, why did you blank the password in my quote but nowhere else in the page?

[djr33]

We intended to catch them all, but it looks like we missed a couple. I just fixed them. There's a point where it's up to Dirty Harry to keep an eye on it anyway, but I think they're all gone for now.

[traq]

@traq, why did you blank the password in my quote but nowhere else in the page?

because the OP can't edit your post (all the other posts that show the credentials are his own; he can edit them out if he so desires).

My main concern was that he'd be able to remove them all if he thought it was prudent. I didn't mean to single you out.

[bernie1227]

Don't worry, I wasn't feeling singled out, I was just wondering whether you had just forgotten to remove the rest of the database information.
It appears the rest of the information has been changed to USER and PASS

[traq]

yeah, Daniel went ahead and did that. no prob.

Dirty Harry:
I've done my testing. (I made all of these corrections to the script in post #16 as well, so it's now error-free.)

1. Forgot to include definition of the function connectToDB()
2. Forgot a semicolon on line 202 (last line!)
3. Misspelled htmlspecialchars() on lines 150,151,152, and 153
.....(actually, only misspelled it the first time: the others were copy+paste)
4. Forgot to add name="submit" to the submit button on the form

After these fixes, the script worked fine.
I changed the SQL, of course, since I was testing on my own database, so your original query still may-or-may-not work.

Let me know how it goes.

[Dirty Harry]

Thanks for that info guys, and thanks for blanking my credentials out, this is a huge learning game for me.

@traq, I think I am cocking something up from my side, I corrected the script as you mentioned, also with the function you added. The way I am testing it is typing localhost:8888/test2.php in my browser. My other pages work, is this configured slightly differently? I also put that error line right at the top of the page, doesn't even show the error. I am using apache as my web server...any other info needed?

[Dirty Harry]

Oh and of course, I am adding my db data for the connection in the.

[traq]

well, all I can figure is that you're throwing a fatal error somehow (a fatal error stops the script before it's actually run, so our calls for error checking would never be made). Do you have a php.ini file in your web root directory? You could edit the following values (make a backup copy first):

Code:

error_reporting = E_ALL | E_STRICT
display_errors = On

if there is no php.ini file, you can add it.

Are you sure your copy of the script includes all the corrections I made? Make sure you're using a copy of the script that you downloaded *after* I posted my post #27.