PHP common practices - regarding log in.

Status
Not open for further replies.
Feb 2, 2005
Greetings!

I've only recently started getting into PHP on my own. Self-taught kind of thing. So I seem to be missing some of the "why's" and "how's" of common practices. If anyone could shine some light on this, that would be awesome.

I'm learning how to work with MySQL - I've created a database which contains a table. 2 fields $_Name and $_Email. Thus far I only have 1 login id = the admin. I use it to mess with the table. No Problem. But let's say a new user goes to the site and wants to create a new user. How would I allow the person to create a new user ID while at the same time creating a new record in the table (to store name and email) WITHOUT first using the admin login? Should I create a dummy admin login to allow initial access to the database itself? I'm not really looking for code but rather an explanation of the theory behind it. The how.

Does that make any sense?
Thank you for your time,
Follow Your Bliss.
 
You can send MySQL queries without being logged in.

To add a row to a MySQL table, you need to use something like this:
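Code:
// Column names are plain identifiers (no $ prefix); escape the values before use.
$q = "INSERT INTO `table` (`_name`, `_email`) VALUES ('"
   . mysql_real_escape_string($name) . "', '" . mysql_real_escape_string($email) . "')";
mysql_query($q);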

I'm not sure if your columns are actually named $_name, or _name. Only PHP variables start with $. Columns in MySQL don't start with $.

You should read up on MySQL and security before using it, though. MySQL can be quite dangerous if you don't know how to properly use it.
 
See, that was exactly what I needed to know. Perfect! Thank you. "You can send mysql queries without being logged in." Simple, to the point. ...but of course doesn't give me a warm feeling about the security at all. hmmm... what then is the purpose of having a login to mysql? Just structural changes?
Do you have any suggested reading for PHP & MySQL?
PS - yes the field names are not variables, I've been up for 24 hours and I feel like I'm on LSD.

Thanks again!
 
...on second thought, if you don't have to log in, how do you make the connection to the database? I.e. what would the connection string be for no id and no password?
 
There are some misconceptions here. "User" can mean so many different things.
I would distinguish between the user that PHP uses to connect to the MySQL server. That should be a system defined user which has access privileges just from the local PHP.
The "users" of the site should be created with a user management system that adds them to a site_user table. The PHP scripts that handle all this use the common MySQL user defined above.

Warning:
You don't want anonymous access to your database server. You want to limit access as much as possible. Make a read-only user, a read-write user to the specific tables you need for the user management. Limit access privileges to these databases and from the local server.

No, you can not send mysql queries without being logged in. There is probably a default user set up in the php.ini or (worse) there is a user '%' that can connect from '%' and has no password. <sarcasm>Great - just attach your SSN, credit card numbers and you'll be all set.</sarcasm>
 
:) OK that makes sense. Would you care for my Mother's Maiden Name as well?

Thanks all! I will tinker with this a bit. Speaking of tinkering...I think I just parsed in my pants. - Bad geek humor.
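
The setup described in the replies above (a dedicated, localhost-only MySQL account that the PHP scripts use, with site users stored in a site_user table), as an added example that is not part of any post in this thread. The database name site, the accounts site_ro and site_rw, the password_hash column, the UNIQUE index on email and the SITE_RW_PASSWORD environment variable are assumptions.

```php
<?php
// Added example; all names below are assumptions, not taken from the thread.
// One-time setup, run by the MySQL administrator (not by the web application):
//
//   CREATE USER 'site_ro'@'localhost' IDENTIFIED BY '<placeholder>';
//   CREATE USER 'site_rw'@'localhost' IDENTIFIED BY '<placeholder>';
//   GRANT SELECT         ON site.site_user TO 'site_ro'@'localhost';
//   GRANT SELECT, INSERT ON site.site_user TO 'site_rw'@'localhost';
//   -- Accounts that should not exist: anonymous users or any-host ('%') logins.
//   SELECT user, host FROM mysql.user WHERE user = '' OR host = '%';

// Connect as one of the limited application accounts, never as the admin.
function connect_as(string $mysqlUser, string $password): PDO
{
    return new PDO('mysql:host=localhost;dbname=site;charset=utf8mb4',
        $mysqlUser, $password, [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
        ]);
}

// Create a *site* user: a row in site_user, not a MySQL account.
// Returns false for invalid input or an already registered e-mail.
function register_site_user(PDO $db, string $name, string $email, string $password): bool
{
    $name = trim($name);
    if ($name === '' || strlen($name) > 64
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // Placeholders keep visitor input out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO site_user (name, email, password_hash) VALUES (?, ?, ?)');
    try {
        return $stmt->execute(
            [$name, $email, password_hash($password, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        // SQLSTATE 23000: constraint violation (assumes UNIQUE index on email).
        if ($e->getCode() === '23000') {
            return false;
        }
        throw $e;
    }
}

// Registration endpoint: the visitor never sees or supplies MySQL credentials.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $db = connect_as('site_rw', (string) getenv('SITE_RW_PASSWORD'));
    $ok = register_site_user($db, $_POST['name'] ?? '',
        $_POST['email'] ?? '', $_POST['password'] ?? '');
    echo $ok ? 'Account created.' : 'Registration failed.';
}
```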
 