Presentation is loading. Please wait.

Presentation is loading. Please wait.

Accessing MySQL with PHP IDIA 618 Fall 2014 Bridget M. Blodgett.

Published byCory Skinner Modified over 8 years ago

Similar presentations

Presentation on theme: "Accessing MySQL with PHP IDIA 618 Fall 2014 Bridget M. Blodgett."— Presentation transcript:

1 Accessing MySQL with PHP IDIA 618 Fall 2014 Bridget M. Blodgett

2 Querying You Database MySQL isn’t picky about what accesses it so long as it provides a valid username and password The process plays out the same as it would with a console or other application: – Connect to MySQL. – Select the database to use. – Build a query string. – Perform the query. – Retrieve the results and output it to a web page. – Repeat Steps 3 to 5 until all desired data have been retrieved. – Disconnect from MySQL.

3 Login File It is possible to connect to MySQL in each PHP file that requires a database query – But this isn’t the most secure method Making one file that does all you connecting works much better – This file is then included in any other file that must connect The information may need to be altered based upon how your servers are set up

4 Login File The important thing is to keep the login information within tags (ideally on a page with no HTML markup at all) – If these aren’t between the php tags then your login information may be accessible as HTML if someone loads the page Much like functions this also makes updates easier

5 Connecting to MySQL Any file that needs MySQL can now include the login.php file as a require_once mysqli is a PHP object and requires four pieces of information: server location, username password, and database You want to check if a FALSE is returned which signifies that it failed to connect – Die is a way to show there was an error and pass along the code

6 Building and Executing a Query There is a built in query function in PHP making it simple to query MySQL – As long as you pass this a well formed query This function can only be used to send complete queries, not partial ones The results of the query are placed in the $results variable

7 Fetching A Result The returned results are a resource not plaintext or a string – It is possible to call individual cells that are wanted for the results However this can require a lot of calls to the results – fetch_assoc() can be more efficient – This works by putting each cell in the row into an array labeled with the column name

8 Closing a Connection You never want to leave a connection hanging open it uses up valuable resources If you keep opening connections on your pages and not closing them you risk crashing your server(s) close() function does this effectively for connections free() works on results from a query

9 Integrating PHP and MySQL The basic queries can be combined or sub- nested to perform multiple queries in nested PHP Always make sure to clean up any user input to prevent SQL injection errors – There are many types of escape characters that can execute – Using mysql_real_escape_string() can prevent this problem

10

11 Placeholders One way to make a secure code without using the real escape string Predefine a query using ? characters then pass the user generated data to it – This avoids generating queries and directly inserts the information into the database How can we alter the book example from earlier to make use of this?

12 HTML Injection Much like SQL injections having open forms also allows attacks against HTML and JavaScript htmlentities function strips out any HTML markup and replaces them with the more harmless display codes – <script src='http://x.com/hack.js'> </script><script>hack();</sc ript>

Download ppt "Accessing MySQL with PHP IDIA 618 Fall 2014 Bridget M. Blodgett."

Similar presentations

PHP SQL. Connection code:- mysql_connect(server, username, password); Connect to the Database Server with the authorised user and password. Eg $connect.

PHP SQL. Connection code:- mysql_connect("server", "username", "password"); Connect to the Database Server with the authorised user and password. Eg $connect.
Web Security Never, ever, trust user inputs Supankar.

Web Security Never, ever, trust user inputs Supankar.
PHP Hypertext Preprocessor Information Systems 337 Prof. Harry Plantinga.

PHP Hypertext Preprocessor Information Systems 337 Prof. Harry Plantinga.
Introduction The concept of “SQL Injection”

Introduction The concept of “SQL Injection”
By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.

By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.
PHP and MySQL. Why Use a Database  Easy access to data  Simultaneous access by multiple users is handled properly  Security - easy to control access.

PHP and MySQL. Why Use a Database  Easy access to data  Simultaneous access by multiple users is handled properly  Security - easy to control access.
1. What is SQL Injection 2. Different varieties of SQL Injection 3. How to prevent it.

1. What is SQL Injection 2. Different varieties of SQL Injection 3. How to prevent it.
Preventing SQL Injection ~example of SQL injection $user = $_POST[‘user’]; $pass = $_POST[‘pass’]; $query = DELETE FROM Users WHERE user = ‘$user’ AND.

Preventing SQL Injection ~example of SQL injection $user = $_POST[‘user’]; $pass = $_POST[‘pass’]; $query = DELETE FROM Users WHERE user = ‘$user’ AND.
Check That Input Preventing SQL Injection Attacks By Andrew Morton For CS 410.

Check That Input Preventing SQL Injection Attacks By Andrew Morton For CS 410.
PHP Security.

PHP Security.
Application Development Description and exemplification of server-side scripting language for server connection, database selection, execution of SQL queries.

Application Development Description and exemplification of server-side scripting language for server connection, database selection, execution of SQL queries.
Lecture 6 – Form processing (Part 1) SFDV3011 – Advanced Web Development 1.

Lecture 6 – Form processing (Part 1) SFDV3011 – Advanced Web Development 1.
© Yanbu University College YANBU UNIVERSITY COLLEGE Management Science Department © Yanbu University College Module 6:WEB SERVER AND SERVER SIDE SCRPTING,

© Yanbu University College YANBU UNIVERSITY COLLEGE Management Science Department © Yanbu University College Module 6:WEB SERVER AND SERVER SIDE SCRPTING,
Databases with PHP A quick introduction. Y’all know SQL and Databases  You put data in  You get data out  You can do processing on it very easily 

Databases with PHP A quick introduction. Y’all know SQL and Databases  You put data in  You get data out  You can do processing on it very easily 
MySQL in PHP – Page 1 of 17CSCI 2910 – Client/Server-Side Programming CSCI 2910 Client/Server-Side Programming Topic: MySQL in PHP Reading: Williams &

MySQL in PHP – Page 1 of 17CSCI 2910 – Client/Server-Side Programming CSCI 2910 Client/Server-Side Programming Topic: MySQL in PHP Reading: Williams &
Create an online booking system (login/registration)

Create an online booking system (login/registration)
Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.

Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.
MySQL + PHP.  Introduction Before you actually start building your database scripts, you must have a database to place information into and read it from.

MySQL + PHP.  Introduction Before you actually start building your database scripts, you must have a database to place information into and read it from.
1 PHP and MySQL. 2 Topics  Querying Data with PHP  User-Driven Querying  Writing Data with PHP and MySQL PHP and MySQL.

1 PHP and MySQL. 2 Topics  Querying Data with PHP  User-Driven Querying  Writing Data with PHP and MySQL PHP and MySQL.
NMED 3850 A Advanced Online Design January 26, 2010 V. Mahadevan.

NMED 3850 A Advanced Online Design January 26, 2010 V. Mahadevan.

Similar presentations

Ads by Google