Issue 45979: PHP code attached

Hi,

This is the code for the above issue: The values passed are unimportant
as they are for test purposes only. Everything seems to work OK except
that the frame info shows an apparent spurious connection using the
apache2 process userid.



this is the calling page
~~~~~~~~~~~~~~~~~~~~~~~~

Re: Issue 45979: PHP code attached

> This is the page called
> ~~~~~~~~~~~~~~~~~~~~~~~
>
> > #phpinfo(); # phpinfo displays the correct info.
> #exit;
>
> $sqldb = $_POST["sqldb"];
> $sqluser = $_POST["sqluser"];
> $sqlpass = $_POST["sqlpass"];
> $sqlhost = $_POST["sqlhost"];
>
> $link = mysql_connect($sqlhost, $sqluser, $sqlpass);

What happens if I somehow hit the page directly instead of through the
previous page's form? There are no $_POST variables.

--
Postgresql & php tutorials
http://www.designmagick.com/


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Issue 45979: PHP code attached

--0016e6476974c35e5904638d309b
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

On Sun, Feb 22, 2009 at 4:43 PM, Chris wrote:

>
> This is the page called
>> ~~~~~~~~~~~~~~~~~~~~~~~
>>
>> >> #phpinfo(); # phpinfo displays the correct info.
>> #exit;
>>
>> $sqldb = $_POST["sqldb"];
>> $sqluser = $_POST["sqluser"];
>> $sqlpass = $_POST["sqlpass"];
>> $sqlhost = $_POST["sqlhost"];
>>
>> $link = mysql_connect($sqlhost, $sqluser, $sqlpass);
>>
>
> What happens if I somehow hit the page directly instead of through the
> previous page's form? There are no $_POST variables.
>
> --
> Postgresql & php tutorials
> http://www.designmagick.com/
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Then you would need to redirect the user to the form page to get the data
from the user. Or create an application account that the rest of the
application would use. Frankly there is no way that I would ever ask the
user for the credentials, if they need different user accounts, I would
create each one on the server and allow the application to control what
accounts are used.

--

Bastien

Cat, the other other white meat

--0016e6476974c35e5904638d309b--

Re: Issue 45979: PHP code attached

> This is the page called
> ~~~~~~~~~~~~~~~~~~~~~~~
>
> > #phpinfo(); # phpinfo displays the correct info.
> #exit;
>
> $sqldb = $_POST["sqldb"];
> $sqluser = $_POST["sqluser"];
> $sqlpass = $_POST["sqlpass"];
> $sqlhost = $_POST["sqlhost"];
>
> $link = mysql_connect($sqlhost, $sqluser, $sqlpass);
>
>
> What happens if I somehow hit the page directly instead of through
> the previous page's form? There are no $_POST variables.


> Then you would need to redirect the user to the form page to get the
> data from the user. Or create an application account that the rest of
> the application would use. Frankly there is no way that I would ever ask
> the user for the credentials, if they need different user accounts, I
> would create each one on the server and allow the application to control
> what accounts are used.

I was suggesting that was the cause of the problem (no post variables).
I'd ask a user for the details during an install phase of an app, but
that's it.

--
Postgresql & php tutorials
http://www.designmagick.com/


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php