accessing mariadb from php |
accessing mariadb from php |
Jack42 |
May 24 2022, 05:22 PM
Post
#1
|
Group: Members Posts: 8 Joined: 24-May 22 Member No.: 28,363 |
I am writing my first publicly accessible web form that will store data in a mariadb. I have about 20 fields that the user will put their information in and then on submit. The data will go into the mariadb. The database will NOT contain social security, credit card numbers, or other sensitive information. What are some good design tips?
<?php $dbhost = 'localhost:3036'; $dbuser = 'guest'; $dbpass = 'guest123'; $conn = mysql_connect($dbhost, $dbuser, $dbpass); if(! $conn ) { die('Could not connect: ' . mysql_error()); } echo 'Connected successfully'; mysql_close($conn); ?> |
CharlesEF |
May 24 2022, 07:44 PM
Post
#2
|
Programming Fanatic Group: Members Posts: 1,996 Joined: 27-April 13 From: Edinburg, Texas Member No.: 19,088 |
To start with don't use anything 'mysql_*'. It was removed from PHP several versions ago. You can use 'mysqli_*' or PDO commands. I suggest PDO. If you use 'mysqli_*' then be sure to look into parameterized queries.
|
Jack42 |
May 25 2022, 10:37 AM
Post
#3
|
Group: Members Posts: 8 Joined: 24-May 22 Member No.: 28,363 |
To start with don't use anything 'mysql_*'. It was removed from PHP several versions ago. You can use 'mysqli_*' or PDO commands. I suggest PDO. If you use 'mysqli_*' then be sure to look into parameterized queries. Thank you for information. I will use PDO commands. There is quite a bit of information out there. |
Jack42 |
May 27 2022, 10:03 AM
Post
#4
|
Group: Members Posts: 8 Joined: 24-May 22 Member No.: 28,363 |
To start with don't use anything 'mysql_*'. It was removed from PHP several versions ago. You can use 'mysqli_*' or PDO commands. I suggest PDO. If you use 'mysqli_*' then be sure to look into parameterized queries. Thank you CharlesEF for the PDO pointer. This is what I ended up with. CODE $dsn = "mysql:host=localhost;dbname=mydatabase;charset=utf8mb4"; $options = [ PDO::ATTR_EMULATE_PREPARES => false, // Disable emulation mode for "real" prepared statements PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // Disable errors in the form of exceptions PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, // Make the default fetch be an associative array ]; try { $pdo = new PDO($dsn, "username", "password", $options); $stmt = $pdo->prepare("INSERT INTO mytable(field1) VALUES (?)"); $stmt->execute([$field1data]); $stmt = null; $pdo = null; echo('<p>Your data has been submitted. Please wait for us to contact you about the next step.</p>'); } catch (Exception $e) { error_log($e->getMessage()); exit('Something bad happened'); } |
CharlesEF |
May 27 2022, 07:12 PM
Post
#5
|
Programming Fanatic Group: Members Posts: 1,996 Joined: 27-April 13 From: Edinburg, Texas Member No.: 19,088 |
It looks fine to me. At least nothing jumps out at me. Does it work?
|
Jack42 |
May 31 2022, 09:51 AM
Post
#6
|
Group: Members Posts: 8 Joined: 24-May 22 Member No.: 28,363 |
|
Lo-Fi Version | Time is now: 4th December 2024 - 08:19 PM |