sniperscope Posted January 24, 2013 Share Posted January 24, 2013 Hello I have two physically seperated server and i want to Read, Update and Insert into remote server's database. My connection code is working <?php $cn = mysql_connect("xxx.xxx.xxx.xxx:3306", "username", "password"); mysql_select_db("db_name", $cn); ?> however, when i try to retrieve data from remote server i got nothing to return. $sql = mysql_query("SELECT id FROM user_master WHERE user_id = '" .$name. "' AND user_pass = '" .$pass. "' LIMIT 1"); $row = mysql_fetch_array($sql); if(mysql_num_rows($sql) == 0) echo "wrong username or password"; else header("location: index.php"); What am i doing wrong ? Quote Link to comment https://forums.phpfreaks.com/topic/273575-remote-query/ Share on other sites More sharing options...
Barand Posted January 24, 2013 Share Posted January 24, 2013 Check for errors if (!$sql) die(mysql_error()); Quote Link to comment https://forums.phpfreaks.com/topic/273575-remote-query/#findComment-1407870 Share on other sites More sharing options...
fenway Posted January 24, 2013 Share Posted January 24, 2013 Also, that's not a secure way to log in users. Quote Link to comment https://forums.phpfreaks.com/topic/273575-remote-query/#findComment-1407876 Share on other sites More sharing options...
sniperscope Posted January 24, 2013 Author Share Posted January 24, 2013 @Barand: There is no error on output. But select query is return with 0 result. @Fenway : What am i doing is Just use same database at two different server. User can login from Server B by sql query at Server A. While waiting some help, i had a crazy idea. Not sure if it works or not but want to give a try. Create same db at Server B as well, So if user update at Server A then updated parameters send to Server B through cURL. Delete and insert wil work same way. So i will have two different DB but simultaneously synchronize. Is this good idea? Quote Link to comment https://forums.phpfreaks.com/topic/273575-remote-query/#findComment-1407877 Share on other sites More sharing options...
fenway Posted January 24, 2013 Share Posted January 24, 2013 Are you using a case sensitive collation? Do you want passwords to end up in query logs and processlists? I think not. Quote Link to comment https://forums.phpfreaks.com/topic/273575-remote-query/#findComment-1407883 Share on other sites More sharing options...
sniperscope Posted January 24, 2013 Author Share Posted January 24, 2013 (edited) nope, i always use utf8-general-ci. I am trying to do is: 1 - Check user is really exist and valid when he click "Log in" button. 2 - After succesfully logged in then display his/her entire detail. 3 - If he/she edit/delete something then update on remote server db. /* Off Topic */ It says "Advanced Member" in my profile but somehow i am still asking simple php question. What an irony /* Off Topic */ Edited January 24, 2013 by sniperscope Quote Link to comment https://forums.phpfreaks.com/topic/273575-remote-query/#findComment-1407887 Share on other sites More sharing options...
fenway Posted January 24, 2013 Share Posted January 24, 2013 nope, i always use utf8-general-ci. In that case, your passwords are case-insensitive, too -- are you aware of that? That makes them much less secure. Quote Link to comment https://forums.phpfreaks.com/topic/273575-remote-query/#findComment-1407889 Share on other sites More sharing options...
sniperscope Posted January 24, 2013 Author Share Posted January 24, 2013 My Password include lower/upper case and special character with 16 chars long and I Copy and paste from original connection string. Is that possible that something on server A or B is blocking communicate. Currently my servers has CSF firewall, iptables and ddos deflate. This is last thing i am thinking. Quote Link to comment https://forums.phpfreaks.com/topic/273575-remote-query/#findComment-1407892 Share on other sites More sharing options...
fenway Posted January 24, 2013 Share Posted January 24, 2013 I don't know what you're talking about -- I'm referring to the user passwords, not your DB login password. That has nothing do with firewalls. Quote Link to comment https://forums.phpfreaks.com/topic/273575-remote-query/#findComment-1407896 Share on other sites More sharing options...
sniperscope Posted January 24, 2013 Author Share Posted January 24, 2013 yes sir. User password is all uppercase and i am 100% sure login credentials are correct Quote Link to comment https://forums.phpfreaks.com/topic/273575-remote-query/#findComment-1407898 Share on other sites More sharing options...
fenway Posted January 24, 2013 Share Posted January 24, 2013 yes sir. User password is all uppercase and i am 100% sure login credentials are correct Sounds like a terrible idea. Quote Link to comment https://forums.phpfreaks.com/topic/273575-remote-query/#findComment-1407905 Share on other sites More sharing options...
sniperscope Posted January 24, 2013 Author Share Posted January 24, 2013 Dear Fenway. I am going to follow the path as i described in my previous post. Thank you so much for your attention and help. Have a nice day. Quote Link to comment https://forums.phpfreaks.com/topic/273575-remote-query/#findComment-1407907 Share on other sites More sharing options...
Christian F. Posted January 24, 2013 Share Posted January 24, 2013 (edited) I would strongly recommend that you read this article about secure login systems. As everyone above pointed, your script is not secure at all. If anyone would get a hold of your user DB, which is very likely, then all of your users' passwords is out there in the open. Since people tend to use the same password for all of the sites they've registered to, this means that your DB is a gold mine for anyone looking to get access of a large number of e-mail accounts. Which spammer wouldn't love to do that..? So, read the article, and adhere to its advice. For the sake of your users, if not your own reputation (and possible liability). Edited January 24, 2013 by Christian F. Quote Link to comment https://forums.phpfreaks.com/topic/273575-remote-query/#findComment-1407910 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.