Login

coole210

First of all, I have no clue why my old thread was deleted. I posted it yesterday >.>

Anyways, I'm re-posting it and this is the new version of my newbie "PHP With Mysql" Tut.

In this tutorial I will show you how to make PHP webpages with MySQL.

First off, add the PHP tags:

PHP код:

<?php ?>

Now, Within those tags, connect to MySQL.

PHP код:

<?php $mysql = mysql_connect(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD) or die(mysql_error()); mysql_select_db(MYSQL_DATABASE) or die(mysql_error()); //Code will go here. mysql_close($mysql); ?>

Alright now that we've connected, it's time to do a simple but useful query. Usually people start off with selecting 1 specific thing from a table, I'm going to show you how to make a simple money rank.

PHP код:

<?php $mysql = mysql_connect(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD) or die(mysql_error()); mysql_select_db(MYSQL_DATABASE) or die(mysql_error()); $result = mysql_query("SELECT `Username`,`Money` FROM `MYSQL_TABLE` ORDER BY `Money` DESC LIMIT 0,10"); //Select what you need to select while($data = mysql_fetch_array($result)) // Make $data an array of the query you just executed. {     echo "Username: ".$data['Username']" Money: ".$data['Money']."<br>"; // Echo the data and add a line after (<br> is a new line) } mysql_free_result($result); mysql_close($mysql); ?>

You can now make a table from that data instead of echoing it.

PHP код:

<?php $mysql = mysql_connect(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD) or die(mysql_error()); mysql_select_db(MYSQL_DATABASE) or die(mysql_error()); $result = mysql_query("SELECT `Username`,`Money` FROM `MYSQL_TABLE` ORDER BY `Money` DESC LIMIT 0,10"); //Select from database, order by 'Money' and show 0 through 10 results //Make the table before the results. echo ' <table border="1"> <tr> <th>Username</th> <th>Money</th> </tr> '; while($data = mysql_fetch_array($result)) // Make $data an array of the query you just executed. {     echo "<tr>     <td>".$data['Username']"</td>     <td>".$data['Money']."</td>     </tr>"; } echo "</table>"; mysql_free_result($result); mysql_close($mysql); ?>

Now maybe your wondering how to make those webpages where you can type your own name, Here's how to do it.

PHP код:

<?php function Escape($string) //Thanks to XFlawless {       $string = htmlentities($string);       $string = stripslashes($string);       $string = mysql_real_escape_string($string);       return $string; } $mysql = mysql_connect(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD) or die(mysql_error()); mysql_select_db(MYSQL_DATABASE) or die(mysql_error()); //Make the table before the results. if(isset($_GET['User'])) // If the PHPFILE has ?User=<texthere> {     $_GET['User'] = Escape($_GET['User']); //Prevent any SQL Injections.     $res = mysql_query("SELECT `Username` FROM `MYSQL_TABLE` WHERE `Username` LIKE '".$_GET['User']."'");     if(mysql_num_rows($res) === 1) // Check if there is an account with that username     {         echo 'User Information for : '.$_GET['User'].'<br><br>';         echo '         <table border="1">         <tr>         <th>Username</th>         <th>Money</th>         </tr>         ';         $result = mysql_query("SELECT `Username`,`Money` FROM `MYSQL_TABLE` WHERE `Username` LIKE '".$_GET['User']."'"); //Select Money and Username from the database where username is what's inputted         while($data = mysql_fetch_array($result)) // Make $data an array of the query you just executed.         {             echo "<tr>             <td>".$data['Username']"</td>             <td>".$data['Money']."</td>             </tr>";         }         echo "</table>";                 mysql_free_result($result);         //I would edit the table a bit and get rid of the Username part.     }     else     {         die("Error: User does not exist.");     } } else {     die("Error: You did not enter a Username."); } mysql_close($mysql); ?>

In the code above, you must add ?User=namehere to the PHP file (Ex: index.php?User=Coole)

nielsbon1 · 29.06.2011, 21:11

This is a simple but nice totorial but insecure. Alway's make the connection details in a appart file in a directory that no-one can acces. Else hacking will be just www.thisisyoursite.com/blabla.php > download it read it and get the passwords.

jameskmonger · 29.06.2011, 21:20

nielsbon, downloading that file will give you the parsed HTML output

coole210 · 29.06.2011, 21:22

You cannot see any PHP info from downloading a PHP file, so it is secure. Even if you could download it, you would see the HTML info.

Quote:

Originally Posted by jameskmonger

nielsbon, downloading that file will give you the parsed HTML output

He said that seconds before me..

Btw, If you don't know don't speak.

[Ask]Terminator · 29.06.2011, 21:24

very nice and usefull

nielsbon1 · 29.06.2011, 21:25

It is sstill insecure + if you would create something like a php file with the name config.php and would put there the codes in then you can do include_once function. So you dont need to load many times the database connection and shut it down.

coole210 · 30.06.2011, 02:07

Nielsbon1 you've failed to make a correct statement again, If you load from config file, you cannot close the mysql connection, which is insecure as well.

PHP код:



$_GET['User'] = mysql_real_escape_string($_GET['User']); //Prevent any SQL Injections.

This is wrong, hackers can easily implement XSS/CSRF attack into the input.

PHP код:



function Escape($string)

{

      $string = htmlentities($string);

      $string = stripslashes($string);

      $string = mysql_real_escape_string($string);

      return $string;

}

PHP код:



while($data = mysql_fetch_array($result)) // Make $data an array of the query you just executed.

{

    echo "<tr>

    <td>".$data['Username']"</td>

    <td>".$data['Money']."</td>

    </tr>";

}

PHP код:



mysql_free_result($result);//Forgot to free the result ?

PS: This tutorial is full of security holes.

Harry_Sandhu · 30.06.2011, 07:25

What will be happened if we do this?

And whats this My SQL as i am a begginer in sa-mp i dont know the meanings i can make some smalll things only.

HP · 25.07.2011, 14:06

Quote:

Originally Posted by coole210

Nielsbon1 you've failed to make a correct statement again, If you load from config file, you cannot close the mysql connection, which is insecure as well.

You can always make a "connect.php" and "closeconnection.php" file and then include them.
It's not SA-MP scripting tutorial anyway, like Kwarde pointed out.

Login
Username:
Password:	Lost Password?
	Remember me