catfish Posted June 6, 2010 Report Share Posted June 6, 2010 (edited) So, I installed the Wampserver on my computer and have set up numerous databases over the past few days while working on a couple of tutorials. First one connected fine to the database and now I can't seem to get a connection and I'm confused with what I'm doing now. I'm trying to set up a login / registration. my original db was set up and called "recipes" host=localhost, username=test, password=password. So I have deleted all but 1 db now thinking maybe I'm only allowed 1 per wampserver?? Is that true? Now I have a db named catfishdb and a table set up called members with 3 fields, id, username, password My html form <form action="checklogin.php" method="post" name="form1"> <label for="username">User Name: </label><input type="text" name="myusername" id="username"> <label for="password">Password: </label><input type="password" name="mypassword" id="password"> <input type="submit" value="Login"> </form> My checklogin.php page <?php $host = "localhost"; $username = "test"; $password = "password"; $db_name = "catfishdb"; $tbl_name ="members"; $connect = mysql_connect("localhost", "test", "password") or die('Could not connect to server'); mysql_select_db("catfishdb") or die('Could not connect to database'); $myusername = $_POST['myusername']; $mypassword = $_POST['mypassword']; $sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result = mysql_query ($sql); $count = mysql_num_rows ($result); if ($count==1) { session_register("myusername"); session_register("mypassword"); header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ?> Then I have a couple other pages such as login_success.php. I find it very difficult to even ask the proper questions here but hopefully a php whiz can spot something here. I've registered 1 username and password in the phpmyadmin panel for testing and I still get an error "Could not connect to database" Edited June 6, 2010 by catfish Quote Link to comment Share on other sites More sharing options...
krillz Posted June 6, 2010 Report Share Posted June 6, 2010 So, I installed the Wampserver on my computer and have set up numerous databases over the past few days while working on a couple of tutorials. First one connected fine to the database and now I can't seem to get a connection and I'm confused with what I'm doing now. I'm trying to set up a login / registration. my original db was set up and called "recipes" host=localhost, username=test, password=password. So I have deleted all but 1 db now thinking maybe I'm only allowed 1 per wampserver?? Is that true? Now I have a db named catfishdb and a table set up called members with 3 fields, id, username, password My html form You may have as many databases as you want. I would start of with making sure that the user you have set up has in fact the correct priveleges to access the database and/or use the commands as SELECT, UPDATE, INSERT and any other needed. Also just create a test.php and see if you can establish the connection. <?php $host = "localhost"; $username = "test"; $password = "password"; $db_name = "catfishdb"; $conn = new mysqli($host, $username, $password, $db_name) if (! $conn) echo 'Could not establish connection'; else echo 'Connection established'; mysqli_close($conn); ?> Quote Link to comment Share on other sites More sharing options...
catfish Posted June 6, 2010 Author Report Share Posted June 6, 2010 Thanks for your reply, now I really messed things up. I started with your test code and kept getting parse errors. I finally got just a simple hello php to show up in the browser and then I went to check the privileges set and screwed something up big time. Below is what the phpMyAdmin screen says now. I even uninstalled the whole Wampserver and reinstalled it and still get the same screen. I've looked and looked and I can't find where to check the host, username and password in a configuration file anywhere. Error MySQL said: #1045 - Access denied for user 'root'@'localhost' (using password: NO) phpMyAdmin tried to connect to the MySQL server, and the server rejected the connection. You should check the host, username and password in your configuration and make sure that they correspond to the information given by the administrator of the MySQL server. Quote Link to comment Share on other sites More sharing options...
catfish Posted June 6, 2010 Author Report Share Posted June 6, 2010 Ok, I managed to find the config file and changed the user back. Now I'm back in phpMyAdmin and will start from scratch with a new database. My catfishdb has disappeared. Quote Link to comment Share on other sites More sharing options...
falkencreative Posted June 6, 2010 Report Share Posted June 6, 2010 My catfishdb has disappeared. If you uninstalled/reinstalled WAMP, that happens. PHPMyAdmin does allow you to export databases, so if you ever need to do that again keep that in mind. BTW, make sure when you are writing this login script that you are escaping your user input correctly to prevent MySQL injection. I talk about this in a series I did on creating a PHP login that's available in the KillerSites University (under PHP > Misc PHP Videos). I'd suggest looking at the mysql_real_escape_string() and htmlspecialchars() functions. With the code you have at the moment, I could input "' OR 1==1 --" in one of the fields and instantly get access, without knowing the username or password. http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php Quote Link to comment Share on other sites More sharing options...
krillz Posted June 6, 2010 Report Share Posted June 6, 2010 If you uninstalled/reinstalled WAMP, that happens. PHPMyAdmin does allow you to export databases, so if you ever need to do that again keep that in mind. BTW, make sure when you are writing this login script that you are escaping your user input correctly to prevent MySQL injection. I talk about this in a series I did on creating a PHP login that's available in the KillerSites University (under PHP > Misc PHP Videos). I'd suggest looking at the mysql_real_escape_string() and htmlspecialchars() functions. With the code you have at the moment, I could input "' OR 1==1 --" in one of the fields and instantly get access, without knowing the username or password. http://www.tizag.com...l-injection.php Make sure you cover binary and hexdecimal, computer code injections also as the computer do not require text to be inputed and many times escaping non text, digit characters isn't enough. But it's a good start. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.