mySQL PHP Problems - Unordly information - Fixing auto numbers

[Rectal Exambot]

Well Hello!

 

HTML was easy to pick up, PHP wasn't too hard after HTML now I have reached mySQL and its a damn lot harder so I thought it was high time I joined a forum to get help and talk about PHP.

 

Okay, Im using PHPmyAdmin to do mySQL data bases and I watched a few youtube videos and was wondering how to get it to display text where you can tell what is entered in a database.

 

<?php

mysql_connect("localhost","liam","password");

mysql_select_db("first");

 

$sql = mysql_query("SELECT * FROM user");

 

while($rows = mysql_fetch_assoc($sql))

 

{

var_dump($rows);

}

 

?>

 

Gives me

array(4) { ["ID"]=>  string(1) "1" ["username"]=>  string(5) "admin" ["password"]=>  string(32) "*2470C0C06DEE42FD1618BB99005ADCA" ["information"]=>  string(37) "Hello, my name is admin, how are you?" }

 

I realise that I'm using an encryption method for my password. I have been trying a way to create accounts from a HTML file that utilises PHP to add it to mySQL data base and it works fine but I was wondering how to I allow it to not allow null values?

 

<form action="sqlSubmit.php" method="post">

<input type="text" name="theusername"/>

<br />

<input type="password" name="thepassword"/>

<br />

<input type="textbox" name="theinformation"/>

<br />

<input type="submit" value="Create New Account"/>

</form>

<?php

$x=$_POST[theusername];

$y=$_POST[thepassword];

$z=$_POST[theinformation];

mysql_connect("localhost","liam","password");

mysql_select_db("first");

mysql_query("INSERT INTO user(username,password,information) VALUES ('$x', '$y', '$z')")

?>

 

I have only just started mySQL today and was wondering if I was doing it right? It works okay but I have also set an auto number ranging from 0 onwards, and when I add some data it is given a 1, I add another it gets a 2, and then another which is given a 3. If I then delete 2 it goes from 1 to 3, is there a way to fix this?

 

I've been experimenting with this and I plan to try search functions tommorrow.

 

Ok thanks alot for reading, any insight to these problems would be loved and if anyone has any small challenges that would help for me to try that I'm forgetting please mention it. Also anyone know any good tutorials.

 

Thanks for letting me join and I hope to 'lurk moar' and learn the ways of this forum.

[Chicken Little]

Sounds like three things. To see what's in the database you could do the following

 

<?php
$username = "liam";
$password = "password";
$hostname = "localhost";	
$dbh = mysql_connect($hostname, $username, $password) 
or die("Unable to connect to MySQL");
$selected = mysql_select_db("first",$dbh) 
or die("Could not select first_test");
$result = mysql_query("SELECT * FROM user id, name, price FROM product");
while ($row = mysql_fetch_array($result,MYSQL_ASSOC)) {
print "ID:".$row{'ID'}." Name:".$row{'username'}." "Password: ".$row{'password'}, 
".$row{'information'}."<br>";
}
mysql_close($dbh);
?>

 

For the second you could use a form validator so that nulls are not allowed.

 

For the third, that is the way autonumbers are generated.

[Rectal Exambot]

Ah ok, thanks alot for the reply, ill try some of those

[Rectal Exambot]

<?php
mysql_connect("localhost","liam","password");
mysql_select_db("first");

$sql = mysql_query("SELECT * FROM user");


while ($row = mysql_fetch_array($sql, MYSQL_BOTH)) 
{
    printf ("ID: %s", $row[iD]);
    printf ("Username: %s", $row[username]);
    echo (" ");
    printf ("Password: %s", $row[password]);
    echo (" ");
    printf ("Information: %s", $row[information]);
    echo"<br />";
}
?>

 

Works pretty good, thanks for the help, is their any problems with this code? Because it shows everything that I want it to but maybe it isn't compatible with other code or something. Also what is the printf used for and what is %s used for?

 

 

 

EDIT: When I submit my password

<?php
$x=$_POST[theusername];
$y=$_POST[thepassword];
$z=$_POST[theinformation];
mysql_connect("localhost","liam","password");
mysql_select_db("first");	
mysql_query("INSERT INTO user(username,password,information) VALUES ('$x', '$y', '$z')");

echo "<a href='sqlSubmit.htm'>Back</a>";
?>

 

I want it to convert to MD5 or another form of password encryption, how do you do this?

 

Thanks

[Chicken Little]

It shows everything because your SQL instructed it to do so (SELECT * means to select everything). Printf() allows you to format the output and the %s is the type specifier for string. Can you better explain what you are trying to do. More specifically, is there code between the two you have presented here? Looks like a login but you are querying every user in the database and then jump to logging in.

[Rectal Exambot]

With all of these databases is there a way to hack these? Is there any precautions I should take to protect my passwords from crackers, hackers and script kiddies? I am thinking about changing them to MD5 but I was wondering how to view them unencrypted and when I create new accounts/passwords using a PHP interface that it will automatically convert them to MD5.

[Chicken Little]

Depending on what you are doing and/or what you want there are a variety of things to do. Filtering input and escaping output are two things to consider. Using a hash combined with salting is another. Pick up a book on php security and you will find a lot of options.