[H-GEN] PHP & MYSQL On Linux

Josh Goes josh at thechatplace.net
Mon Jul 28 08:55:13 EDT 2003


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

In your PHP scripts:

<?php
// change the values to suit your server setup.
// note: if you are having issues with using 'localhost' then try using
// another IP that your server box has (e.g. a LAN one).
mysql_connect("dbserverip", "dbusername", "dbpassword");
mysql_select_db("dbname");

$sql = "SELECT * FROM table";
$result = mysql_query($sql);

while ($ar = mysql_fetch_array($result)) {
    echo $ar["columnname"];        // don't forget column names are case sensitive
}


// use $HTTP_GET_VARS and/or $HTTP_POST_VARS in PHP to be able to bring user
// input into the SQL statement.

mysql_close();
?>


In your shell, you can create a MySQL database by:

# mysqladmin create dbname

Then you can get into your new database by:

# mysql dbname

Inside there you can run SQL statements and queries etc. www.mysql.com for
data types and functions etc.

Before I wrap this up, if you do allow data that a user can tamper with into
your SQL statements then you better check it otherwise you are putting
yourself in a big security hole. Here's an example:

$SQL = "UPDATE Users SET Password = '" . $HTTP_POST_VARS["password"] . "'
WHERE Username = '" . $HTTP_POST_VARS["username"] . "'";

Someone can easily make their $HTTP_POST_VARS equal this: "' OR Username
like '%"
This would cause your SQL statement to behave like this:
UPDATE Users SET Password = 'valuefrompostvars' WHERE Username = '' OR
Username like '%'
And that will change the 'password' column in every record in the table
'Users'.

Just be aware of that because I have fallen victim to it!

Hope this helps and makes sense.
Josh.



----- Original Message -----
From: David Duffy <david at audiovisualdevices.com.au>
To: Humbug <general at lists.humbug.org.au>
Sent: Monday, July 28, 2003 10:30 PM
Subject: [H-GEN] PHP & MYSQL On Linux


>
> Hi there,
> I've managed to install MySQL and PHP on my RH 7.3 box
> (whoo hoo) and want to start building a new web site.
> Can someone with experience with this sort of thing tell
> me if it's easy enough to store product details (photo,
> price, text) in a MySQL database on the Linux server and
> have Apache & PHP serve it up as web pages based on what
> categories the surfer clicks on? I realise that it's a
> bit OT here but need a nudge in the right direction. :-)
> David...
> --
> ___________________________________________
> David Duffy        Audio Visual Devices P/L
> U8, 9-11 Trade St, Cleveland 4163 Australia
> Ph: +61 7 38210362   Fax: +61 7 38210281
> New Web: www.audiovisualdevices.com.au
> ___________________________________________
>
>
> --
> * This is list (humbug) general handled by majordomo at lists.humbug.org.au .
> * Postings to this list are only accepted from subscribed addresses of
> * lists 'general' or 'general-post'.  See http://www.humbug.org.au/
>
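
The UPDATE statement from Josh's warning, run once with string concatenation and once with bound parameters, so the difference in affected rows is visible. This is an added example, not code from the original post. It assumes PHP 7.1+ with PDO and the pdo_sqlite driver (an in-memory SQLite database stands in for MySQL); the table contents and the function names resetUsers, updateConcat and updateBound are constructed for illustration.

```php
<?php
// Added example: constructed table and inputs; SQLite in memory stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Recreate a two-row Users table so both runs start from the same state.
function resetUsers(PDO $db): void {
    $db->exec("DROP TABLE IF EXISTS Users");
    $db->exec("CREATE TABLE Users (Username TEXT PRIMARY KEY, Password TEXT)");
    $db->exec("INSERT INTO Users VALUES ('alice', 'a-old'), ('bob', 'b-old')");
}

// Concatenation, as in the post: the input becomes part of the SQL text.
function updateConcat(PDO $db, string $user, string $pass): int {
    $sql = "UPDATE Users SET Password = '" . $pass . "' WHERE Username = '" . $user . "'";
    return $db->exec($sql);          // number of rows changed
}

// Prepared statement: the SQL text is fixed and the values are bound as data,
// so quotes in the input cannot alter the WHERE clause.
function updateBound(PDO $db, string $user, string $pass): int {
    $stmt = $db->prepare("UPDATE Users SET Password = :p WHERE Username = :u");
    $stmt->execute([':p' => $pass, ':u' => $user]);
    return $stmt->rowCount();        // number of rows changed
}

// Constructed form input: the username value is the one quoted in the post.
$post = ['username' => "' OR Username like '%", 'password' => 'newpass'];

resetUsers($db);
$changed = updateConcat($db, $post['username'], $post['password']);
echo "concatenated query changed $changed row(s)\n";

resetUsers($db);
$changed = updateBound($db, $post['username'], $post['password']);
echo "bound query changed $changed row(s)\n";

// A password change should touch exactly one account; treat anything else as an error.
if ($changed !== 1) {
    echo "rejected: no single account matched that username\n";
}
```

With the concatenated query the WHERE clause matches every row in Users; with bound parameters the same input is compared as a literal username and matches none.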

