I have designed a web page with PHP and in the page I am dealing with databases.I am using MySQL which I can access it through my university account.
I have a problem and let me explain the situation :
For example assume that the first page is for authentication. The user (me) enters the login name and password.These are then being stored in php variables say $id and $password .These inputs are transferred to the next using HTML an form. In the second page I wanna view a tables contents and for this reason I have to connect to the Mysql server using the command :
$link = mysql_connect("localhost","$id","$password");
So when a user from my own server enters my accounts and reads this file, he is not able to view the contents of the connection password.
So far so good, but assume that I have a link in this second page and it is for entering a new record to the database.
We follow the link and we have lost the variables $id and $pass. In order to enter a new record to the database we must perform a connection to the database onceagain but the variables are not available anymore. So the password must be explicitly written. Anyone viewing the source code of the web page, won't be able to see the php stuff but a user coming in from the server (linux) can read this third file with the cat command. And the password is seen...
I'd be glad if u mail me back with a confirmation that I could explain the situation...
I am an Electronical Engineer and for about 3 month I am working with this problem..
Hope to hear from u soon...
Korhan Pulats?/div>saloon12yrd09-06-2001, 10:23 AM
I have a problem and let me explain the situation :
For example assume that the first page is for authentication. The user (me) enters the login name and password.These are then being stored in php variables say $id and $password .These inputs are transferred to the next using HTML an form. In the second page I wanna view a tables contents and for this reason I have to connect to the Mysql server using the command :
$link = mysql_connect("localhost","$id","$password");
So when a user from my own server enters my accounts and reads this file, he is not able to view the contents of the connection password.
So far so good, but assume that I have a link in this second page and it is for entering a new record to the database.
We follow the link and we have lost the variables $id and $pass. In order to enter a new record to the database we must perform a connection to the database onceagain but the variables are not available anymore. So the password must be explicitly written. Anyone viewing the source code of the web page, won't be able to see the php stuff but a user coming in from the server (linux) can read this third file with the cat command. And the password is seen...
I'd be glad if u mail me back with a confirmation that I could explain the situation...
I am an Electronical Engineer and for about 3 month I am working with this problem..
Hope to hear from u soon...
Korhan Pulats?/div>saloon12yrd09-06-2001, 10:23 AM