Issue 45979: PHP code attached

on 20.02.2009 18:32:23 by Paul Will

Hi,

This is the code for the above issue: The values passed are unimportant
as they are for test purposes only. Everything seems to work OK except
that the frame info shows an apparent spurious connection using the
apache2 process userid.



this is the calling page
~~~~~~~~~~~~~~~~~~~~~~~~

onsubmit="message_of_the_day()">

Please enter
your userid and password

Userid: Password:

---------------------------------------------------------------------------
The values passed are as follows:
sqluser = shelley
sqlpass = abc123
sqldb = lmts
sqlhost = localhost
---------------------------------------------------------------------------

This is the page called
~~~~~~~~~~~~~~~~~~~~~~~

<?php
#phpinfo(); # phpinfo displays the correct info.
#exit;

$sqldb = $_POST["sqldb"];
$sqluser = $_POST["sqluser"];
$sqlpass = $_POST["sqlpass"];
$sqlhost = $_POST["sqlhost"];

$link = mysql_connect($sqlhost, $sqluser, $sqlpass);

print "DEBUG: $sqlhost, $sqluser, $sqlpass, $sqldb";
#This prints the correct info

if(! $link)
die("Unable to connect to MySQL server, check userid and password
are correct.\n");

mysql_select_db($sqldb, $link)
or die("Unable to logon to database, database may be offline. $sqldb:
".mysql_error());
..
..
..
..
..
?>




--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Issue 45979: PHP code attached

on 22.02.2009 22:43:36 by dmagick

> This is the page called
> ~~~~~~~~~~~~~~~~~~~~~~~
>
> > #phpinfo(); # phpinfo displays the correct info.
> #exit;
>
> $sqldb = $_POST["sqldb"];
> $sqluser = $_POST["sqluser"];
> $sqlpass = $_POST["sqlpass"];
> $sqlhost = $_POST["sqlhost"];
>
> $link = mysql_connect($sqlhost, $sqluser, $sqlpass);

What happens if I somehow hit the page directly instead of through the
previous page's form? There are no $_POST variables.

--
Postgresql & php tutorials
http://www.designmagick.com/



Re: Issue 45979: PHP code attached

on 23.02.2009 03:59:26 by Phpster


On Sun, Feb 22, 2009 at 4:43 PM, Chris wrote:

>
> This is the page called
>> ~~~~~~~~~~~~~~~~~~~~~~~
>>
>> >> #phpinfo(); # phpinfo displays the correct info.
>> #exit;
>>
>> $sqldb = $_POST["sqldb"];
>> $sqluser = $_POST["sqluser"];
>> $sqlpass = $_POST["sqlpass"];
>> $sqlhost = $_POST["sqlhost"];
>>
>> $link = mysql_connect($sqlhost, $sqluser, $sqlpass);
>>
>
> What happens if I somehow hit the page directly instead of through the
> previous page's form? There are no $_POST variables.
>
> --
> Postgresql & php tutorials
> http://www.designmagick.com/
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Then you would need to redirect the user to the form page to get the data
from the user. Or create an application account that the rest of the
application would use. Frankly, there is no way that I would ever ask the
user for the credentials; if they need different user accounts, I would
create each one on the server and allow the application to control what
accounts are used.

--

Bastien

Cat, the other other white meat


Re: Issue 45979: PHP code attached

on 23.02.2009 04:51:09 by dmagick

> This is the page called
> ~~~~~~~~~~~~~~~~~~~~~~~
>
> > #phpinfo(); # phpinfo displays the correct info.
> #exit;
>
> $sqldb = $_POST["sqldb"];
> $sqluser = $_POST["sqluser"];
> $sqlpass = $_POST["sqlpass"];
> $sqlhost = $_POST["sqlhost"];
>
> $link = mysql_connect($sqlhost, $sqluser, $sqlpass);
>
>
> What happens if I somehow hit the page directly instead of through
> the previous page's form? There are no $_POST variables.


> Then you would need to redirect the user to the form page to get the
> data from the user. Or create an application account that the rest of
> the application would use. Frankly there is no way that I would ever ask
> the user for the credentials, if they need different user accounts, I
> would create each one on the server and allow the application to control
> what accounts are used.

I was suggesting that was the cause of the problem (no post variables).
I'd ask a user for the details during an install phase of an app, but
that's it.

--
Postgresql & php tutorials
http://www.designmagick.com/
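
The guard this exchange points at, as an added example that is not part of the thread: the called page connects only when both form fields actually arrived, and sends a direct request back to the form instead of calling the connect function with empty arguments. It uses mysqli rather than the mysql_connect() call in the post; the fixed host and database, the account-name pattern and the form page name login.html are assumptions.

```php
<?php
// Added example, not the poster's code. Host and database are fixed
// server-side (assumed: the test values from the post); only userid and
// password come from the form.
const DB_HOST = 'localhost';
const DB_NAME = 'lmts';

// Returns ['user' => ..., 'pass' => ...] only when both fields are present,
// are strings and are non-empty; null otherwise, e.g. on a direct request
// where $_POST is empty.
function read_login(array $post): ?array
{
    foreach (['sqluser', 'sqlpass'] as $key) {
        if (!isset($post[$key]) || !is_string($post[$key]) || $post[$key] === '') {
            return null;
        }
    }
    // Assumed policy: account names are 1-32 letters, digits or underscores.
    if (!preg_match('/^[A-Za-z0-9_]{1,32}$/D', $post['sqluser'])) {
        return null;
    }
    return ['user' => $post['sqluser'], 'pass' => $post['sqlpass']];
}

// Connects with explicit credentials only; returns null on failure.
function connect(array $login): ?mysqli
{
    mysqli_report(MYSQLI_REPORT_OFF); // failures come back as false, not exceptions
    $link = @mysqli_connect(DB_HOST, $login['user'], $login['pass'], DB_NAME);
    return $link instanceof mysqli ? $link : null;
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: direct hit, partial post, array-typed field, full post.
    $samples = [[], ['sqluser' => 'shelley'], ['sqluser' => ['x'], 'sqlpass' => 'p'],
                ['sqluser' => 'shelley', 'sqlpass' => 'abc123']];
    foreach ($samples as $post) {
        echo json_encode(array_keys($post)), ' => ', read_login($post) ? "accepted\n" : "rejected\n";
    }
} else {
    $login = read_login($_POST);
    if ($login === null) {
        header('Location: login.html'); // hypothetical name for the form page
        exit;
    }
    $link = connect($login);
    if ($link === null) {
        exit("Unable to connect to MySQL server, check userid and password.\n");
    }
}
```

Run from the command line, the script only exercises read_login() on the constructed inputs and does not need a database; under a web server it performs the redirect or the connection.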

