HTMLHelp Forums _ Databases _ accessing mariadb from php

Posted by: Jack42 May 24 2022, 05:22 PM

I am writing my first publicly accessible web form that will store data in a MariaDB. I have about 20 fields that the user will put their information in, and then on submit the data will go into the MariaDB. The database will NOT contain social security, credit card numbers, or other sensitive information. What are some good design tips?

<?php
$dbhost = 'localhost:3036';
$dbuser = 'guest';
$dbpass = 'guest123';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);

if (!$conn) {
    die('Could not connect: ' . mysql_error());
}

echo 'Connected successfully';
mysql_close($conn);
?>

Posted by: CharlesEF May 24 2022, 07:44 PM

To start with don't use anything 'mysql_*'. It was removed from PHP several versions ago. You can use 'mysqli_*' or PDO commands. I suggest PDO. If you use 'mysqli_*' then be sure to look into parameterized queries.

Posted by: Jack42 May 25 2022, 10:37 AM

QUOTE(CharlesEF @ May 24 2022, 07:44 PM) *

To start with don't use anything 'mysql_*'. It was removed from PHP several versions ago. You can use 'mysqli_*' or PDO commands. I suggest PDO. If you use 'mysqli_*' then be sure to look into parameterized queries.


Thank you for the information. I will use PDO commands. There is quite a bit of information out there.

Posted by: Jack42 May 27 2022, 10:03 AM

QUOTE(CharlesEF @ May 24 2022, 07:44 PM) *

To start with don't use anything 'mysql_*'. It was removed from PHP several versions ago. You can use 'mysqli_*' or PDO commands. I suggest PDO. If you use 'mysqli_*' then be sure to look into parameterized queries.


Thank you CharlesEF for the PDO pointer. This is what I ended up with.
CODE

$dsn = "mysql:host=localhost;dbname=mydatabase;charset=utf8mb4";

$options = [
  PDO::ATTR_EMULATE_PREPARES   => false, // Disable emulation mode for "real" prepared statements
  PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // Report errors by throwing exceptions
  PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, // Make the default fetch be an associative array
];

try {
  $pdo = new PDO($dsn, "username", "password", $options);

  $stmt = $pdo->prepare("INSERT INTO mytable(field1) VALUES (?)");
  $stmt->execute([$field1data]);

  $stmt = null;
  $pdo = null;
  echo('<p>Your data has been submitted.  Please wait for us to contact you about the next step.</p>');
}
catch (Exception $e) {
  error_log($e->getMessage());
  exit('Something bad happened');
}

Posted by: CharlesEF May 27 2022, 07:12 PM

It looks fine to me. At least nothing jumps out at me. Does it work?

Posted by: Jack42 May 31 2022, 09:51 AM

QUOTE(CharlesEF @ May 27 2022, 07:12 PM) *

It looks fine to me. At least nothing jumps out at me. Does it work?

It works quite well. Thank you again for the assistance.
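
The PDO insert from the May 27 post, extended to several form fields with server-side validation, as an added example that is not part of the original thread. The table `submissions`, the column names, `FORM_FIELDS` and `save_submission()` are hypothetical, and an in-memory SQLite database stands in for the MariaDB connection so the block runs without a server.

```php
<?php
declare(strict_types=1);

// Allowlist of accepted fields: column name => maximum length (hypothetical names).
const FORM_FIELDS = ['first_name' => 50, 'last_name' => 50, 'email' => 254, 'comments' => 1000];

// Validates $input against FORM_FIELDS and inserts one row; returns a list of errors (empty = stored).
function save_submission(PDO $pdo, array $input): array
{
    $row = $errors = [];
    foreach (FORM_FIELDS as $name => $maxLen) {
        $value = $input[$name] ?? '';
        if (!is_string($value)) {               // e.g. "email[]=x" arrives as an array
            $errors[] = "$name: unexpected type";
            continue;
        }
        $value = trim($value);
        if ($value === '' || mb_strlen($value, 'UTF-8') > $maxLen) {
            $errors[] = "$name: required, at most $maxLen characters";
        }
        $row[$name] = $value;                   // keys outside the allowlist are never copied
    }
    if (($row['email'] ?? '') !== '' && filter_var($row['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email: not a valid address';
    }
    if ($errors !== []) {
        return $errors;
    }
    // Identifiers cannot be bound as parameters, so the column list is built only from
    // the allowlist keys; everything the user typed travels as a bound value.
    $cols = array_keys(FORM_FIELDS);
    $sql  = 'INSERT INTO submissions (' . implode(', ', $cols) . ') VALUES (:' . implode(', :', $cols) . ')';
    $pdo->prepare($sql)->execute($row);
    return [];
}

// Demo connection: SQLite in memory as a stand-in for the MariaDB DSN used in the thread.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE submissions (first_name TEXT, last_name TEXT, email TEXT, comments TEXT)');

// Constructed sample input: SQL metacharacters in one value and an extra, unexpected key.
$post = ['first_name' => "Robert'); DROP TABLE submissions;--", 'last_name' => 'Tables',
         'email' => 'bob@example.com', 'comments' => 'hello', 'is_admin' => '1'];
// Valid submission: the metacharacters are stored as ordinary text.
var_dump(save_submission($pdo, $post));
// Invalid submission: missing fields and a malformed email address.
var_dump(save_submission($pdo, ['email' => 'not-an-address']));
// Row count after both calls.
var_dump((int) $pdo->query('SELECT COUNT(*) FROM submissions')->fetchColumn());
```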
