Using PHP with MySQL Part 2

Slides:

Advertisements

Similar presentations

Alexander Carrington and Liam Martell. Introduction Client: Tom Goldsworthy – G-Group Security Project: Electronic Incident Reporting System Online access.

Advertisements

PHP SQL. Connection code:- mysql_connect("server", "username", "password"); Connect to the Database Server with the authorised user and password. Eg $connect.

Query Methods (SQL). What is SQL A programming language for databases. SQL (structured Query Language) It allows you add, edit, delete and run queries.

Murach's PHP and MySQL, C3© 2010, Mike Murach & Associates, Inc.Slide 1.

Murach's PHP and MySQL, C2© 2010, Mike Murach & Associates, Inc.Slide 1.

Murach's PHP and MySQL, C2© 2010, Mike Murach & Associates, Inc.Slide 1.

PHP and MySQL Database. Connecting to MySQL Note: you need to make sure that you have MySQL software properly installed on your computer before you attempt.

Murach's PHP and MySQL, C4© 2010, Mike Murach & Associates, Inc.Slide 1.

Murach's PHP and MySQL, C4© 2010, Mike Murach & Associates, Inc.Slide 1.

CBS Expert Team on Integrated Data Management – WMO December 2003 ACSYS – CliC – IACPO.

Employee database: Conceptual Schema in ERD Chapter 3, page 62.

What is it? –Large Web sites that support commercial use cannot be written by hand What you’re going to learn –How a Web server and a database can be used.

PHP and MySQL PHP for the Web, page PHP and MySQL MySQL Resource PHP – MySQL Resource

Multiple Tiers in Action

CSC 2720 Building Web Applications Database and SQL.

Computer Science & Engineering 2111 CSE 2111 Lecture Querying a Database 1CSE 2111 Lecture- Querying a Database.

E-Commerce The technical side. LAMP Linux Linux Apache Apache MySQL MySQL PHP PHP All Open Source and free packages. Can be installed and run on most.

Introducing LAMP: Linux, Apache, MySQL and PHP Track 2 Workshop PacNOG 7 July 1, 2010 Pago Pago, American Samoa.

Magento is an open source Content Management System that is mostly powerful in E-Commerce Script. Magento is built using Zend PHP and MySQL Databases.

INFM 603: Information Technology and Organizational Context Jimmy Lin The iSchool University of Maryland Thursday, October 18, 2012 Session 7: PHP.

LIS651 lecture 7 PHP mySQL Thomas Krichel

Databases and the Internet. Lecture Objectives Databases and the Internet Characteristics and Benefits of Internet Server-Side vs. Client-Side Special.

Milestone III BRIAN WYKA.  Web-based project manager  Ideal for small company  Portal for employees to interact with each other  A way for administrators.

PHP and MySQL by Example COMP YL Professor Mattos.

Chapter 9 Using PHP with MySQL. header.html Script 9.1 on page 266 des/header.html

CHAPTER 9 PHP AND MYSQL. A POSSIBLE SITE CONFIGURATION Application Folder index.php includes (folder)header.phpfooter.phpstyle.cssmodel (folder)mysqli_connect.php.

Input Validation – common associated risks  ______________ user input controls SQL statements ultimately executed by a database server

2010/11 : [1]PHP with MySQLBuilding Web Applications using MySQL and PHP (W1) PHP with MySQL.

Case Study Dynamic Website - Three Tier Architecture

Security Considerations Steve Perry

1 DIG 3134 – Lecture 14 MySQL and PHP Play Together Michael Moshell University of Central Florida Media Software Design.

CS779 Term Project Steve Shoyer Section 5 December 9, 2006 Week 6.

DataFlow Diagram – Level 0

WEB SECURITY WEEK 2 Computer Security Group University of Texas at Dallas.

Chapter 2 Programming with PHP Part 1. form.html Script 2.1 on pages orm.html

Windows 7 WampServer 2.1 MySQL PHP 5.3 Script Apache Server User Record or Select Media Upload to Internet Return URL Forward URL Create.

Server-Side Solutions Steve Perry

CHAPTER 7 Unexpected Input. INTRODUCTION What is Unexpected Input? Something (normally user-supplied data) that is unexpected happen to an application.

Preventing MySQL Injection Sonja Parson COSC 5010 Security Presentation April 26, 2005.

Chapter 1 Introduction to PHP Part 1. Textbook’s Code DOWNLOADS PHP and MySQL for Dynamic Web Sites Complete Set of Scripts.

Secure Authentication. SQL Injection Many web developers are unaware of how SQL queries can be tampered with SQL queries are able to circumvent access.

How Web Database Architectures Work CPS181s April 8, 2003.

Chapter 8 Error Handling and Debugging. Debugging “When you get frustrated, step away from the computer!”

Chapter 9 Using PHP with MySQL Part 2. view_users.php Script 9.4 on page 283 iew_users.php

Display Page (HTML/CSS)

Example – SQL Injection MySQL & PHP code: // The next instruction prompts the user is to supply an ID $personID = getIDstringFromUser(); $sqlQuery = "SELECT.

CS445 Pacific University 1 11/16/2016 CS 445 Introduction to Database Systems TTH 1:00 – 2:15 Chadd Williams Office HoursM 1:00-2:00 Tue 11-noon Thur 3-4.

© 2010, Mike Murach & Associates, Inc.

Group 18: Chris Hood Brett Poche

Example – SQL Injection

Introduction to PHP Part 1

Chapter 9 Using PHP with MySQL.

© 2010, Mike Murach & Associates, Inc.

Web Systems Development (CSC-215)

© 2010, Mike Murach & Associates, Inc.

Web Browser server client 3-Tier Architecture Apache web server PHP

Web Systems Development (CSC-215)

© 2010, Mike Murach & Associates, Inc.

TJHSST Website Redesign

Chapter 13 Security Methods Part 3.

Accessing Your MySQL Database from the Web with PHP (Ch 11)

TJHSST Website Redesign

Web Programming Language

Programming with PHP Part 1

Using PHP with MySQL Part 3

Error Handling and Debugging

PHP Forms and Databases.

© 2010, Mike Murach & Associates, Inc.

Chapter 16 OOP PHP Part 1.

Presentation transcript:

Using PHP with MySQL Part 2 Chapter 9 Using PHP with MySQL Part 2

view_users.php Script 9.4 on page 286 http://csweb.hh.nku.edu/csc301/frank/ch09/view_users.php ch09\script_09_04\view_users.php

Securing SQL Protecting MySQL access information. Not revealing too much about the database. Be cautious with running queries with user supplied data.

mysqli_real_escape_string $safe = mysqli_real_escape_string($dbc, ‘data’); http://php.net/manual/en/mysqli.real-escape-string.php

register.php Script 9.5 on pages 289-291 http://csweb.hh.nku.edu/csc301/frank/ch09/register2.php ch09\register.php