MySQL database Log in script. Page keeps on loading
Hey there,
I've come across this problem when trying to create a log in script. I've installed easyPHP and everything has been working fine up until I place "localhost:8080" as the value to my variable $mysql_server. I changed the localhost to port 8080 priviosly and I've set up a database called user with the table userdata. As I said everything has been working fine and I've created scripts earlier like counters and stuff that has had no errors. Now when I type in the path (http://localhost:8080/web/delprov_inloggning/index.php) to my script the page just keeps on loading for ever.
Even if I try just localhost:8080/home it will just keep on loading now. When I remove the script and restart my computer everything works fine again..
Anyone out there that can help?
Why is your mysql on port 8080? Whilst there is no reservation for it, 80, 8080, and 8088 are often used for web software. You can't attach to localhost:8080 for both your sql and your webserver software.
If you have not touched the port configurations on mysql, it will be on 3306. There is no reason to type this in at all if you haven't modified it; the MySQL[i] libraries will automatically try port 3306 if not given an alternative (or whatever port specified in the ini for the mysql port).
Thank you very much for your replies! I got mixed up about the server and database. Changed to localhost, removed the old magic_quotes and added some security:
PHP Code:
<?php
ob_start();
$db_hostname="localhost"; // Host name
$db_username="root"; // Mysql username
$db_password=""; // Mysql password
$db_database="user"; // Database name
$tbl_name="userdata"; // Table name
As you might have guessed I'm quite new to this (hehe). Is there any other security issues I should take in to account? (My teacher have told me to use md5 even though its not very secure.) Do yous know any good sites for learning about sessions and how to use them on my site? Thanks once again
if (ini_get('magic_quotes_gpc')) { $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); }
This has to occur before the $encrypted_mypassword is set.
MD5 isn't secure no. But if you have instructions to do so, then you follow the instructions. Session's are easy, just go to PHP.net and search for session_start. They will have examples on usage, the only pitfall is the use of header('location') where SID has to be manually applied as it won't include transparent session identifiers if you have it enabled and cookies are not available.
$encrypted_mypassword=md5($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'"; $result=mysql_query($sql);
What do you think? Is the security good enough? The major threats are XSS and SQL injection, right? Been trying to get my head around mysqli and prepared statements, but just don't get it.. (I'm using MySQL 5.5.27)
This line isn't necessary: $mypassword = mysql_real_escape_string($mypassword);. Remove that, or move it below the md5 call. It won't make a difference overall since md5 will never return results that can break the SQL structure, but using it before will cause it to escape the data before hashing it which will be different than the original if it includes ".
Looks good otherwise, be aware that a header with a location doesn't actually change your page until after its sent to the client, so if you have instructions beyond those to process they will still run. More often than not you don't want to do this so exit() is usually called immediately after a header('Location...'). With if/else blocks, it has little relevance as it won't enter anywhere else, but it's still a good habit to get into in case you do it in a more bizarre location like within a function.
Before you post, read our: 
