PHP4+MySQL

[bluscale]

im completely new and im trying to setup a basic guestbook. i made my mysql table, my php code but it doesn't work. do i have to start up mysql or something special like that?

heres my code (bare with me its form a crude tutorial)

*sign.php*
<h2>Sign my Guest Book!!!</h2>

<form method=post action=&quot;create_entry.php&quot;>

<b>Name:</b>
<input type=text size=40 name=name>
<br>
<b>Location:</b>
<input type=text size=40 name=location>
<br>
<b>Email:</b>
<input type=text size=40 name=email>
<br>
<b>Home Page URL:</b>
<input type=text size=40 name=url>
<br>
<b>Comments:</b>
<textarea name=comments cols=40 rows=4 wrap=virtual></textarea>
<br>

<input type=submit name=submit value=&quot;Sign!&quot;>
<input type=reset name=reset value=&quot;Start Over&quot;>

</form>

*create_entry.php*
<?php
mysql_connect(&quot;localhost&quot;, &quot;nobody&quot;,&quot;password&quot or
die (&quot;Could not connect to database&quot;
mysql_select_db(&quot;guestbook&quot or
die (&quot;Could not select database&quot;

if ($submit == &quot;Sign!&quot
{
$query = &quot;insert into guestbook
(name,location,email,url,comments) values
('$name', '$location', '$email', '$url', '$comments')&quot;
;
mysql_query($query) or
die (mysql_error());
?>
<h2>Thanks!!!</h2>
<h2><a href=&quot;view.php&quot;>View My Guest Book!!!</a></h2>
<?php
}
else
{
include(&quot;sign.php&quot;
}
?>

*view.php*
<?php include(&quot;dbconnect.php&quot; ?>

<h2>View My Guest Book!!</h2>

<?php

$result = mysql_query(&quot;select * from guestbook&quot or
die (mysql_error());
while ($row = mysql_fetch_array($result))
{
echo &quot;<b>Name:</b>
echo $row[&quot;name&quot;];
echo &quot;<br>\n&quot;;
echo &quot;<b>Location:</b>;
echo $row[&quot;location&quot;];
echo &quot;<br>\n&quot;;
echo &quot;<b>Email:</b>;
echo $row[&quot;email&quot;];
echo &quot;<br>\n&quot;;
echo &quot;<b>Url:</b>;
echo &quot;$row[&quot;url&quot;];
echo &quot;<br>\n&quot;;
echo &quot;<b>Comments:</b>&quot;;
echo $row[comments:];
echo &quot;<br>\n&quot;;
echo &quot;<br>\n&quot;;
echo &quot;<br>\n&quot;;
}
mysql_free_result($result);
?>

<h2><a href=&quot;sign.php&quot;>Sign My Guest Book!!</a></h2>







help!

 

[KarveR]

What O/S are you running on? Do you get any errors from mysql? do you get any errors running the php pages?

blah blah..

Clues please ______________________________________________________________________
There's no present like the time, they say. - Henry's Cat.

 

[bluscale]

sorry sorry ok im almost sure it MySQL, heres the error messages and the code its coming from


Warning: Access denied for user: 'nobody@127.0.0.1' (Using password: YES) in C:\website\create_entry.php on line 2

Warning: MySQL Connection Failed: Access denied for user: 'nobody@127.0.0.1' (Using password: YES) in C:\website\create_entry.php on line 2
Could not connect to database


-----------------------------

the code************


mysql_connect(&quot;localhost&quot;, &quot;nobody&quot;,&quot;password&quot or
die (&quot;Could not connect to database&quot;
mysql_select_db(&quot;guestbook&quot or
die (&quot;Could not select database&quot;




any ideas?

 

[sleipnir214]

It's permissions.

MySQL user credentials are not a 2-tuple of username and password. MySQL user credentials are a 3-tuple of username, password, and IP address.

Make sure that the user &quot;nobody&quot; has his password set to &quot;password&quot; and has been given permission to access the server from 127.0.0.1. And that he has permission to access the database &quot;guestbook&quot;

The SQL command is

GRANT all on guestbook.* to nobody@localhost identified by 'password' ______________________________________________________________________
TANSTAAFL!

 

[bluscale]

wow thanks that help but one last problem i think!!! i got this error afterward

Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING' in C:\website\view.php on line 15

------------------------

what do you think that is?

 

[bluscale]

update, played with view.php a bit and now i get this

Parse error: parse error, expecting `','' or `';'' in C:\website\view.php on line 16

-------------

 

[bluscale]

a ha! got it finally, ok i got it to work sorry for all these post but now comes my last question. say i wanted to post this online. what would i have to do so that anyone that wanted to post could. i had to grant permission to myself to post, would i have to grant everyone permission as well? thank you all for your help!!! i guess i wont be dropping this hobby so soon after all!

 

[KarveR]

No, you only need to grant the httpd daemon access, as the requests would all originate from the actual webserver and not the users PC. ______________________________________________________________________
There's no present like the time, they say. - Henry's Cat.

 

[bluscale]

ok i need an example

 

[sleipnir214]

Insufficient data for a meaningful answer. Using assumptions not in evidence....

If the question is, &quot;What permissions do I have to set to give any web user the ability to post data to my database?&quot;, I disagree with KarveR.

I strongly recommend you use an application-specific set of user credentials in your PHP code to grant access to an application's database.

If the question is &quot;What filesystem permissions do I have to set to allow PHP code to write to my server;'s filesystem?&quot;, then I agree with KarveR. ______________________________________________________________________
TANSTAAFL!

 

[bluscale]

If the question is, &quot;What permissions do I have to set to give any web user the ability to post data to my database?&quot;, I disagree with KarveR.

I strongly recommend you use an application-specific set of user credentials in your PHP code to grant access to an application's database.

----------------------------------

ok the way you phrased my question is the way i wanted it to be percieved so by application specific what do you mean? i've actually moved on to making a login script (well more like copied and then made pretty) but i understand what i copied. anyway yeah what do you mean?

thank you again for thinking for me sleipnir214

 

[KarveR]

OK for my part: the httpd daemon (the server process which is normally apache or IIS, I'll use apache for this example ) is a member of its own group and should only be allowed to access its own directory tree (DocumnetRoot) and be limited to reading files with suitable permissions.

This keeps the webserver a more secure place.

You set mysql priviledges to allow read only from user &quot;apache&quot;, connecting from localhost OR IP:127.0.0.1 (provided mysql is on the same server). - this means that any webpage can access the database for reading which is fine and dandy.

Any page designed to write to the database should use a specific login and password setup with read write delete and update privileges, these pages you keep nice n safe for obvious reasons. ** see the note below

This reduces the chances of anyone from outside the server gaining access and modifying things they shouldn't.

When setting up something like a guestbook which requires lots of users to add entries, the easiest way to allow access is again allowing the webserver daemon access to the database. - you need to be very SPECIFIC here about what and where.


** THIS is the note:
read the manual carefully, understand the implications.

Be very careful how you set up users of the database and do not alow any web page / daemon whatever access to the user tables of your mysql database.

READ >>>>>>

http://www.mysql.com/doc/en/General_security.html

<<<<< THIS
______________________________________________________________________
There's no present like the time, they say. - Henry's Cat.