RE: Need help on mysql/php
On Wed, 6 Jun 2001, Ian Ford wrote: Name your config file config.inc and if any of the below situations happen your password and username will not show up in plain text for the casual browser. (EXAMPLE: CONFIG.INC ? $DBname = 'test'; $DBuser = 'imatest'; $DBpass = 'Whatever'; $DBhost = 'localhost'; ? INDEX.PHP ? require(config.inc); $conn = mysql_connect($DBhost,$DBuser,$DBpass); mysql_select_db($DBname); ? END EXAMPLE) You can place the config.inc any where you want. My preference is in a includes folder... Actually I tried this out sometime ago and found that it appears as a plain text file. This I believe is because the webserver know that .php or .php3 should be treated as a php file and other in which ever way it can display. -Original Message- From: Neil Zanella [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 06, 2001 12:09 PM To: Don Read Cc: Ed Peddycoart; Mysql@Lists. Mysql. Com; Jorge Oliveira Subject: RE: Need help on mysql/php On Tue, 5 Jun 2001, Don Read wrote: Better yet, put the file outside the $DOCUMENT_ROOT, in case your server is poorly configured. include($DOCUMENT_ROOT/../config.php); This is a very good idea. One day if the system administrator decides to back up all the user data and upgrade the web server and forgets to include support for PHP then all the PHP files become readable as plain text and casual web surfers could sniff your password. Another scenario where this could happen is if there are two web servers and your home directory is mounted on both via NFS or AFS and you may not be aware that the other web server does not have PHP support. If you are serving from /home/httpd/html then store your database access information including passwords in some directory like /home/httpd/secret and set the right ownerships for that directory and files therein. It is also a good idea to control extraneous access to the database by firewalling your site. Neil - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: Need help on mysql/php
At 2:13 PM +0530 6/7/01, Adrian D'Costa wrote: On Wed, 6 Jun 2001, Ian Ford wrote: Name your config file config.inc and if any of the below situations happen your password and username will not show up in plain text for the casual browser. (EXAMPLE: CONFIG.INC ? $DBname = 'test'; $DBuser = 'imatest'; $DBpass = 'Whatever'; $DBhost = 'localhost'; ? INDEX.PHP ? require(config.inc); $conn = mysql_connect($DBhost,$DBuser,$DBpass); mysql_select_db($DBname); ? END EXAMPLE) You can place the config.inc any where you want. My preference is in a includes folder... Actually I tried this out sometime ago and found that it appears as a plain text file. This I believe is because the webserver know that .php or .php3 should be treated as a php file and other in which ever way it can display. That only applies to the extension of the top-level file. Included files can have any extension. You do, however, have to surround the text of the included file with ?php ? or ? ? or whatever tags you use. That might have been your problem. -- Paul DuBois, [EMAIL PROTECTED] - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: Need help on mysql/php
split code for use username and password to connect to MySQL into other file and use include in every php program instead have username and password code. connect.inc.php ? // define database connect variable $hostname = localhost; $username = root; $password = password; $tblname = yourtablename; $dbName = yourdbname; MYSQL_CONNECT($hostname, $username, $password) OR DIE(Unable to connect to database); @mysql_select_db($dbName) or die(Unable to select database); print Succesful connect...; ? readfile.php ? include (connect.inc.php); ... other php code ... ? Regards, Sommai Fongnamthip At 22:37 5/6/2001 +0100, Jorge Oliveira wrote: Hi again, You are right, your username and password will have to be on every PHP script that needs to use database. However, you don't have to be afraid because nobody can access the source of your PHP scripts - unless they are a good hacker! I think you should pay a visit to http://www.php.net to understand how PHP works. Start with the basics and you will see that is reallY VERY simple. Be cool, Jorge Oliveira [EMAIL PROTECTED] © webfroggie.com - Recursos Online! web: http://www.webfroggie.com wap: http://www.webfroggie.com -Mensagem original- De: Ed Peddycoart [mailto:[EMAIL PROTECTED]] Enviada: Quarta-feira, 6 de Junho de 2001 0:29 Para: Jorge Oliveira; Mysql@Lists. Mysql. Com Assunto: RE: Need help on mysql/php Thanks...this helped...Just had success in connecting to the MySQL server and dumping the db contents to the screenOne worrisome bit though...My username and password for connecting to the db on my host is my username and password for the web account. If I want to create dynamic webpages by pulling data from my db, won't I have to put this information (usersname and pw) in the php file and leave it on the server? Sounds pretty darn scary to me...maybe I am confused. Ed -Original Message- From: Jorge Oliveira [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 05, 2001 12:47 PM To: Mysql@Lists. Mysql. Com Subject: RE: Need help on mysql/php Hi, Please refer to http://www.php.net/manual/en/ref.mysql.php Jorge Oliveira [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] © webfroggie.com - Recursos Online! web: http://www.webfroggie.com wap: http://www.webfroggie.com -Mensagem original- De: Ed Peddycoart [mailto:[EMAIL PROTECTED]] Enviada: Terça-feira, 5 de Junho de 2001 21:31 Para: [EMAIL PROTECTED] Assunto: Need help on mysql/php I recently move my website to FastWebServers.com. MySQL and PHP is provided. I have a control panel which allows me to initialize MySQL for my use. The initialization creates a db, named celticblues_com (my domain is celticblues.com). So far, I have added a table to my database, and added the neccessary fields. Now I am at a total loss at what to do. I want to use PHP scripts to pull info from the db and search the db etc. I have contacted my support from FWS, but they point me to MySQL.com for Mysql commands technical support. Seems to me I would need to know how to set username/password to access the db from script etc. The bottom line question is can someone point me to information on what I need to do to be able to access(open/close) the db, retrieve/store information, etc. in this type of environment (i.e. MySQL provide by my host service, not installed by me)? Ed - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: Need help on mysql/php
At 7:49 AM -0700 6/6/01, Ed Peddycoart wrote: It is a shared server Ed Then you're vulnerable, unless the ISP can demonstrate otherwise. -Original Message- From: Paul DuBois [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 05, 2001 6:02 PM To: Jorge Oliveira; Ed Peddycoart Cc: Mysql@Lists. Mysql. Com Subject: RE: Need help on mysql/php At 10:37 PM +0100 6/5/01, Jorge Oliveira wrote: Hi again, You are right, your username and password will have to be on every PHP script that needs to use database. However, you don't have to be afraid because nobody can access the source of your PHP scripts - unless they are a good hacker! Actually, anyone else on the Web server host that has permission to install scripts for the Web server can access the source. I couldn't tell from the original message whether the Web server is shared with other people or not, but if you don't have your own server, you're exposed. I think you should pay a visit to http://www.php.net to understand how PHP works. Start with the basics and you will see that is reallY VERY simple. Be cool, Jorge Oliveira [EMAIL PROTECTED] © webfroggie.com - Recursos Online! web: http://www.webfroggie.com wap: http://www.webfroggie.com -- Paul DuBois, [EMAIL PROTECTED] -- Paul DuBois, [EMAIL PROTECTED] - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: Need help on mysql/php
Actually you are only exposed if you have not set up Apache to run with
virtual hosts. It is not difficult to configure Apache so that a person
can only see the scripts that are in his/her directory, and is prevented
from seeing or modifying the scripts in other peoples directories. Also,
it is wise to place your DB passwords in a separate small file, and then
include the file in all your scripts. You can place the password file in a
directory that doesn't have any accessibility from anyone on the
web. Let's say we have a password file called dbpass.inc, and we place
it in a directory called /var/protected off the root. Only the webserver
is set to have permission to access this directory. The password file
should look something like this:
?php
username=username;
password=password;
?
Then in all your scripts include the following line:
include ('/var/protected/dbpass.inc);
-Ken
At 08:02 PM 6/5/01 -0500, Paul DuBois wrote:
At 10:37 PM +0100 6/5/01, Jorge Oliveira wrote:
Hi again,
You are right, your username and password will have to be on every PHP
script that needs to use database.
However, you don't have to be afraid because nobody can access the source of
your PHP scripts - unless they are a good hacker!
Actually, anyone else on the Web server host that has permission to
install scripts for the Web server can access the source.
I couldn't tell from the original message whether the Web server is
shared with other people or not, but if you don't have your own
server, you're exposed.
I think you should pay a visit to http://www.php.net to understand how PHP
works. Start with the basics and you will see that is reallY VERY simple.
Be cool,
Jorge Oliveira
[EMAIL PROTECTED]
© webfroggie.com - Recursos Online!
web: http://www.webfroggie.com
wap: http://www.webfroggie.com
--
Paul DuBois, [EMAIL PROTECTED]
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail
[EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: Need help on mysql/php
On Tue, 5 Jun 2001, Don Read wrote: Better yet, put the file outside the $DOCUMENT_ROOT, in case your server is poorly configured. include($DOCUMENT_ROOT/../config.php); This is a very good idea. One day if the system administrator decides to back up all the user data and upgrade the web server and forgets to include support for PHP then all the PHP files become readable as plain text and casual web surfers could sniff your password. Another scenario where this could happen is if there are two web servers and your home directory is mounted on both via NFS or AFS and you may not be aware that the other web server does not have PHP support. If you are serving from /home/httpd/html then store your database access information including passwords in some directory like /home/httpd/secret and set the right ownerships for that directory and files therein. It is also a good idea to control extraneous access to the database by firewalling your site. Neil - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: Need help on mysql/php
At 10:35 AM -0700 6/6/01, Kenneth Kopelson wrote:
Actually you are only exposed if you have not set up Apache to run
with virtual hosts. It is not difficult to configure Apache so that
a person can only see the scripts that are in his/her directory, and
is prevented from seeing or modifying the scripts in other peoples
directories. Also, it is wise to place your DB passwords in a
separate small file, and then include the file in all your scripts.
You can place the password file in a directory that doesn't have any
accessibility from anyone on the web. Let's say we have a password
file called dbpass.inc, and we place it in a directory called
/var/protected off the root. Only the webserver is set to have
permission to access this directory. The password file should look
something like this:
?php
username=username;
password=password;
?
Then in all your scripts include the following line:
include ('/var/protected/dbpass.inc);
Except that all scripts run by Apache run with the same file system access
privileges (namely, the privileges of the account under which Apache is
set to run). So all scripts run by a given instance of the server have
equivalent access privileges. If you and I have scripts run by that server,
my scripts can read yours. I don't see that virtual hosts have much to do
with it. (Unless you're talking about Apache 2.xx, which will solve this
problem by allowing different virtual hosts to be associated with distinct
user IDs.)
-Ken
At 08:02 PM 6/5/01 -0500, Paul DuBois wrote:
At 10:37 PM +0100 6/5/01, Jorge Oliveira wrote:
Hi again,
You are right, your username and password will have to be on every PHP
script that needs to use database.
However, you don't have to be afraid because nobody can access the source of
your PHP scripts - unless they are a good hacker!
Actually, anyone else on the Web server host that has permission to
install scripts for the Web server can access the source.
I couldn't tell from the original message whether the Web server is
shared with other people or not, but if you don't have your own
server, you're exposed.
I think you should pay a visit to http://www.php.net to understand how PHP
works. Start with the basics and you will see that is reallY VERY simple.
Be cool,
Jorge Oliveira
[EMAIL PROTECTED]
© webfroggie.com - Recursos Online!
web: http://www.webfroggie.com
wap: http://www.webfroggie.com
--
Paul DuBois, [EMAIL PROTECTED]
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: Need help on mysql/php
Name your config file config.inc and if any of the below situations happen your password and username will not show up in plain text for the casual browser. (EXAMPLE: CONFIG.INC ? $DBname = 'test'; $DBuser = 'imatest'; $DBpass = 'Whatever'; $DBhost = 'localhost'; ? INDEX.PHP ? require(config.inc); $conn = mysql_connect($DBhost,$DBuser,$DBpass); mysql_select_db($DBname); ? END EXAMPLE) You can place the config.inc any where you want. My preference is in a includes folder... Thank you, Ian Ford Northwest Link Web Development -Original Message- From: Neil Zanella [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 06, 2001 12:09 PM To: Don Read Cc: Ed Peddycoart; Mysql@Lists. Mysql. Com; Jorge Oliveira Subject: RE: Need help on mysql/php On Tue, 5 Jun 2001, Don Read wrote: Better yet, put the file outside the $DOCUMENT_ROOT, in case your server is poorly configured. include($DOCUMENT_ROOT/../config.php); This is a very good idea. One day if the system administrator decides to back up all the user data and upgrade the web server and forgets to include support for PHP then all the PHP files become readable as plain text and casual web surfers could sniff your password. Another scenario where this could happen is if there are two web servers and your home directory is mounted on both via NFS or AFS and you may not be aware that the other web server does not have PHP support. If you are serving from /home/httpd/html then store your database access information including passwords in some directory like /home/httpd/secret and set the right ownerships for that directory and files therein. It is also a good idea to control extraneous access to the database by firewalling your site. Neil - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: Need help on mysql/php
On Wed, 6 Jun 2001, Ian Ford wrote: Name your config file config.inc and if any of the below situations happen your password and username will not show up in plain text for the casual browser. (EXAMPLE: CONFIG.INC ? $DBname = 'test'; $DBuser = 'imatest'; $DBpass = 'Whatever'; $DBhost = 'localhost'; ? INDEX.PHP ? require(config.inc); $conn = mysql_connect($DBhost,$DBuser,$DBpass); mysql_select_db($DBname); ? END EXAMPLE) You can place the config.inc any where you want. My preference is in a includes folder... The config.inc file should still be placed outside of the document root to guard against the security risks I described. If not then there is nothing preventing the user from entering the full URL to config.inc. Neil - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: Need help on mysql/php
Hi, Please refer to http://www.php.net/manual/en/ref.mysql.php Jorge Oliveira [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] © webfroggie.com - Recursos Online! web: http://www.webfroggie.com wap: http://www.webfroggie.com -Mensagem original- De: Ed Peddycoart [mailto:[EMAIL PROTECTED]] Enviada: Terça-feira, 5 de Junho de 2001 21:31 Para: [EMAIL PROTECTED] Assunto: Need help on mysql/php I recently move my website to FastWebServers.com. MySQL and PHP is provided. I have a control panel which allows me to initialize MySQL for my use. The initialization creates a db, named celticblues_com (my domain is celticblues.com). So far, I have added a table to my database, and added the neccessary fields. Now I am at a total loss at what to do. I want to use PHP scripts to pull info from the db and search the db etc. I have contacted my support from FWS, but they point me to MySQL.com for Mysql commands technical support. Seems to me I would need to know how to set username/password to access the db from script etc. The bottom line question is can someone point me to information on what I need to do to be able to access(open/close) the db, retrieve/store information, etc. in this type of environment (i.e. MySQL provide by my host service, not installed by me)? Ed - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Need help on mysql/php
Great support.. Right.. take a look at www.devshed.com they've got a few nice tutorials.. if you plan to work a lot with MySQL you might want to buy the book called MySQL written by Paul DuBois or fill out the survey and hope you'll get one for free ;-).. Other interesting websites: www.phpbuilder.com www.phpnewbie.com www.phpbeginner.com and many others can be found using your favorite searchengine. Bye, B. At 13:30 5-6-01 -0700, Ed Peddycoart wrote: I recently move my website to FastWebServers.com. MySQL and PHP is provided. I have a control panel which allows me to initialize MySQL for my use. The initialization creates a db, named celticblues_com (my domain is celticblues.com). So far, I have added a table to my database, and added the neccessary fields. Now I am at a total loss at what to do. I want to use PHP scripts to pull info from the db and search the db etc. I have contacted my support from FWS, but they point me to MySQL.com for Mysql commands technical support. Seems to me I would need to know how to set username/password to access the db from script etc. The bottom line question is can someone point me to information on what I need to do to be able to access(open/close) the db, retrieve/store information, etc. in this type of environment (i.e. MySQL provide by my host service, not installed by me)? Ed - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Need help on mysql/php
Hello Ed, Tuesday, June 05, 2001, 11:30:36 PM, you wrote: EP I recently move my website to FastWebServers.com. MySQL and PHP is EP provided. I have a control panel which allows me to initialize MySQL for my EP use. The initialization creates a db, named celticblues_com (my domain is EP celticblues.com). So far, I have added a table to my database, and added EP the neccessary fields. Now I am at a total loss at what to do. I want to EP use PHP scripts to pull info from the db and search the db etc. I have EP contacted my support from FWS, but they point me to MySQL.com for Mysql EP commands technical support. Seems to me I would need to know how to set EP username/password to access the db from script etc. The bottom line EP question is can someone point me to information on what I need to do to be EP able to access(open/close) the db, retrieve/store information, etc. in this EP type of environment (i.e. MySQL provide by my host service, not installed by EP me)? EP Ed EP - EP Before posting, please check: EPhttp://www.mysql.com/manual.php (the manual) EPhttp://lists.mysql.com/ (the list archive) EP To request this thread, e-mail [EMAIL PROTECTED] EP To unsubscribe, e-mail [EMAIL PROTECTED] EP Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php I don't uderstand exactly what you need... If you don't know how to work with MySQL databases using PHP just look at PHP Manual (http://www.php.net/docs.php) Chapter L. MySQL functions (http://www.php.net/manual/en/ref.mysql.php). To understand it quickly see function mysql_connect. -- Best regards, Olexandrmailto:[EMAIL PROTECTED] - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: Need help on mysql/php
Thanks...this helped...Just had success in connecting to the MySQL server and dumping the db contents to the screenOne worrisome bit though...My username and password for connecting to the db on my host is my username and password for the web account. If I want to create dynamic webpages by pulling data from my db, won't I have to put this information (usersname and pw) in the php file and leave it on the server? Sounds pretty darn scary to me...maybe I am confused. Ed -Original Message- From: Jorge Oliveira [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 05, 2001 12:47 PM To: Mysql@Lists. Mysql. Com Subject: RE: Need help on mysql/php Hi, Please refer to http://www.php.net/manual/en/ref.mysql.php Jorge Oliveira [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] © webfroggie.com - Recursos Online! web: http://www.webfroggie.com wap: http://www.webfroggie.com -Mensagem original- De: Ed Peddycoart [mailto:[EMAIL PROTECTED]] Enviada: Terça-feira, 5 de Junho de 2001 21:31 Para: [EMAIL PROTECTED] Assunto: Need help on mysql/php I recently move my website to FastWebServers.com. MySQL and PHP is provided. I have a control panel which allows me to initialize MySQL for my use. The initialization creates a db, named celticblues_com (my domain is celticblues.com). So far, I have added a table to my database, and added the neccessary fields. Now I am at a total loss at what to do. I want to use PHP scripts to pull info from the db and search the db etc. I have contacted my support from FWS, but they point me to MySQL.com for Mysql commands technical support. Seems to me I would need to know how to set username/password to access the db from script etc. The bottom line question is can someone point me to information on what I need to do to be able to access(open/close) the db, retrieve/store information, etc. in this type of environment (i.e. MySQL provide by my host service, not installed by me)? Ed - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: Need help on mysql/php
Hi again, You are right, your username and password will have to be on every PHP script that needs to use database. However, you don't have to be afraid because nobody can access the source of your PHP scripts - unless they are a good hacker! I think you should pay a visit to http://www.php.net to understand how PHP works. Start with the basics and you will see that is reallY VERY simple. Be cool, Jorge Oliveira [EMAIL PROTECTED] © webfroggie.com - Recursos Online! web: http://www.webfroggie.com wap: http://www.webfroggie.com -Mensagem original- De: Ed Peddycoart [mailto:[EMAIL PROTECTED]] Enviada: Quarta-feira, 6 de Junho de 2001 0:29 Para: Jorge Oliveira; Mysql@Lists. Mysql. Com Assunto: RE: Need help on mysql/php Thanks...this helped...Just had success in connecting to the MySQL server and dumping the db contents to the screenOne worrisome bit though...My username and password for connecting to the db on my host is my username and password for the web account. If I want to create dynamic webpages by pulling data from my db, won't I have to put this information (usersname and pw) in the php file and leave it on the server? Sounds pretty darn scary to me...maybe I am confused. Ed -Original Message- From: Jorge Oliveira [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 05, 2001 12:47 PM To: Mysql@Lists. Mysql. Com Subject: RE: Need help on mysql/php Hi, Please refer to http://www.php.net/manual/en/ref.mysql.php Jorge Oliveira [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] © webfroggie.com - Recursos Online! web: http://www.webfroggie.com wap: http://www.webfroggie.com -Mensagem original- De: Ed Peddycoart [mailto:[EMAIL PROTECTED]] Enviada: Terça-feira, 5 de Junho de 2001 21:31 Para: [EMAIL PROTECTED] Assunto: Need help on mysql/php I recently move my website to FastWebServers.com. MySQL and PHP is provided. I have a control panel which allows me to initialize MySQL for my use. The initialization creates a db, named celticblues_com (my domain is celticblues.com). So far, I have added a table to my database, and added the neccessary fields. Now I am at a total loss at what to do. I want to use PHP scripts to pull info from the db and search the db etc. I have contacted my support from FWS, but they point me to MySQL.com for Mysql commands technical support. Seems to me I would need to know how to set username/password to access the db from script etc. The bottom line question is can someone point me to information on what I need to do to be able to access(open/close) the db, retrieve/store information, etc. in this type of environment (i.e. MySQL provide by my host service, not installed by me)? Ed - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: Need help on mysql/php
Hi, You are making a huge confusion... PHP is a server side scripting language that is used mostly for generate dynamic html pages. For example, let's say you have a file named test.php like this: ? $username=Me; $password=mypass; ... // slq queries here ... echo htmlbodyThis is a testbody/html; ? If you upload this file to your server and browse to it you will get this page: - htmlbodyThis is a test/body/html - The variables $username and $password are not displayed... Again, I recommend you to start reading on PHP and you will find it very easy to understand. Jorge Oliveira [EMAIL PROTECTED] © webfroggie.com - Recursos Online! web: http://www.webfroggie.com wap: http://www.webfroggie.com -Mensagem original- De: Ed Peddycoart [mailto:[EMAIL PROTECTED]] Enviada: Quarta-feira, 6 de Junho de 2001 0:49 Para: Jorge Oliveira Assunto: RE: Need help on mysql/php I assume that you mean that they cannot access the scripts if the extension of the file is .php3, but if I mix PHP within an HTML file, then all security bets are off? Ed -Original Message- From: Jorge Oliveira [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 05, 2001 2:38 PM To: Ed Peddycoart Cc: Mysql@Lists. Mysql. Com Subject: RE: Need help on mysql/php Hi again, You are right, your username and password will have to be on every PHP script that needs to use database. However, you don't have to be afraid because nobody can access the source of your PHP scripts - unless they are a good hacker! I think you should pay a visit to http://www.php.net to understand how PHP works. Start with the basics and you will see that is reallY VERY simple. Be cool, Jorge Oliveira [EMAIL PROTECTED] © webfroggie.com - Recursos Online! web: http://www.webfroggie.com wap: http://www.webfroggie.com -Mensagem original- De: Ed Peddycoart [mailto:[EMAIL PROTECTED]] Enviada: Quarta-feira, 6 de Junho de 2001 0:29 Para: Jorge Oliveira; Mysql@Lists. Mysql. Com Assunto: RE: Need help on mysql/php Thanks...this helped...Just had success in connecting to the MySQL server and dumping the db contents to the screenOne worrisome bit though...My username and password for connecting to the db on my host is my username and password for the web account. If I want to create dynamic webpages by pulling data from my db, won't I have to put this information (usersname and pw) in the php file and leave it on the server? Sounds pretty darn scary to me...maybe I am confused. Ed -Original Message- From: Jorge Oliveira [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 05, 2001 12:47 PM To: Mysql@Lists. Mysql. Com Subject: RE: Need help on mysql/php Hi, Please refer to http://www.php.net/manual/en/ref.mysql.php Jorge Oliveira [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] © webfroggie.com - Recursos Online! web: http://www.webfroggie.com wap: http://www.webfroggie.com -Mensagem original- De: Ed Peddycoart [mailto:[EMAIL PROTECTED]] Enviada: Terça-feira, 5 de Junho de 2001 21:31 Para: [EMAIL PROTECTED] Assunto: Need help on mysql/php I recently move my website to FastWebServers.com. MySQL and PHP is provided. I have a control panel which allows me to initialize MySQL for my use. The initialization creates a db, named celticblues_com (my domain is celticblues.com). So far, I have added a table to my database, and added the neccessary fields. Now I am at a total loss at what to do. I want to use PHP scripts to pull info from the db and search the db etc. I have contacted my support from FWS, but they point me to MySQL.com for Mysql commands technical support. Seems to me I would need to know how to set username/password to access the db from script etc. The bottom line question is can someone point me to information on what I need to do to be able to access(open/close) the db, retrieve/store information, etc. in this type of environment (i.e. MySQL provide by my host service, not installed by me)? Ed - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: Need help on mysql/php
On 05-Jun-01 Ed Peddycoart wrote:
Thanks...this helped...Just had success in connecting to the MySQL server
and dumping the db contents to the screenOne worrisome bit though...My
username and password for connecting to the db on my host is my username and
password for the web account. If I want to create dynamic webpages by
pulling data from my db, won't I have to put this information (usersname and
pw) in the php file and leave it on the server? Sounds pretty darn scary to
me...maybe I am confused.
Ed
No, you put it in a php file with nothing but defines / data,
say 'config.php' :
php
// Database ***
define('DBHOST', 'localhost');
define('DBUSER', 'abc');
define('DBPASS', 'abc123');
---
and include('config.php') in your scripts.
If the webserver is configured properly, access to this file will evaluate as
php code; so nothing will get output.
Better yet, put the file outside the $DOCUMENT_ROOT, in case your server is
poorly configured.
include($DOCUMENT_ROOT/../config.php);
Regards,
--
Don Read [EMAIL PROTECTED]
-- It's always darkest before the dawn. So if you are going to
steal the neighbor's newspaper, that's the time to do it.
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: Need help on mysql/php
At 10:37 PM +0100 6/5/01, Jorge Oliveira wrote: Hi again, You are right, your username and password will have to be on every PHP script that needs to use database. However, you don't have to be afraid because nobody can access the source of your PHP scripts - unless they are a good hacker! Actually, anyone else on the Web server host that has permission to install scripts for the Web server can access the source. I couldn't tell from the original message whether the Web server is shared with other people or not, but if you don't have your own server, you're exposed. I think you should pay a visit to http://www.php.net to understand how PHP works. Start with the basics and you will see that is reallY VERY simple. Be cool, Jorge Oliveira [EMAIL PROTECTED] © webfroggie.com - Recursos Online! web: http://www.webfroggie.com wap: http://www.webfroggie.com -- Paul DuBois, [EMAIL PROTECTED] - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: Need help on mysql/php
At 7:42 PM -0500 6/5/01, Don Read wrote:
On 05-Jun-01 Ed Peddycoart wrote:
Thanks...this helped...Just had success in connecting to the MySQL server
and dumping the db contents to the screenOne worrisome bit though...My
username and password for connecting to the db on my host is my username and
password for the web account. If I want to create dynamic webpages by
pulling data from my db, won't I have to put this information (usersname and
pw) in the php file and leave it on the server? Sounds pretty darn scary to
me...maybe I am confused.
Ed
No, you put it in a php file with nothing but defines / data,
say 'config.php' :
php
// Database ***
define('DBHOST', 'localhost');
define('DBUSER', 'abc');
define('DBPASS', 'abc123');
---
and include('config.php') in your scripts.
If the webserver is configured properly, access to this file will evaluate as
php code; so nothing will get output.
Better yet, put the file outside the $DOCUMENT_ROOT, in case your server is
poorly configured.
include($DOCUMENT_ROOT/../config.php);
However, if you and I both have virtual domains hosted by the same server,
I can write a script that will read your config.php file.
And then, for my next trick, I'll connect to your database and read
(or destroy) all your data. :-)
Regards,
--
Don Read [EMAIL PROTECTED]
-- It's always darkest before the dawn. So if you are going to
steal the neighbor's newspaper, that's the time to do it.
--
Paul DuBois, [EMAIL PROTECTED]
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
