|
*dhtml (m)
|
Still i admire your spirit - keep it up man - dont worry u will not get tired in Jesus name (Amen).
|
|
|
|
|
|
webdezzi (m)
|
thanks for the compliments.
Just that i am doing a lot at the same time.
|
|
|
|
|
|
yusufu16
|
Hi webdezzi just asking you could send the complete tutorial on designing dynamic website using PHP/MySQL please jeturn16@yahoo.com |
|
|
|
|
|
yusufu16
|
i checked you the websites you designed inculding www.webdezzi.com mennn you doing a great job |
|
|
|
|
|
webdezzi (m)
|
Thanks Yusufu,
those are combined ideas from different source on the net.
and sorry students, i have been using cafes lately as my ISP has been having problems activating my internet (Starcomms).
and i will appreciate it if Questions are posted on this thread so that other Pros here can help with it.
Thanks for the calls sha!
Just concluded another project yesterday, meaning more time to spend on this tutorials.
|
|
|
|
|
|
webdezzi (m)
|
Now, Lets add a row to our database, this row will hold the admin login and password, PLUS a unique text which act as an identifier to pinpoint at the row we are referring to. you will understand this in 1 second. run this query INSERT INTO `settings` ( `settings_name` , `first` , `second`) VALUES ('login', 'Admin', 'pass');
// Let us know if you have problem on how to run a query It is THAT easy to put data into our database. if you study the query very well, You will notice a strange character called Backtick (`) <--in the bracket it is below the esc and above tab on your keyboard. That character helps to tell mysql that this is not a reserved word, so in future, if "first" becomes a reserved word, then we are fine. after running that query, you should have a row in your database like in this image |
|
|
|
|
|
webdezzi (m)
|
to cheeck the user, we need to run a query that looks more like this.
SELECT username, password FROM settings WHERE settings_name='login' (let break the query to explain something)
with that "WHERE settings_name='login'" above, we have used the settings name to single out the row we want.
remember that there cant be 2 succh rows, WHY? because we have set the column named "settings_name" to unique when creating the table
that way, if we accidental enter something that already exist in that column, there will be an error, mysql will not accept it from us.
(lets conclude our query) AND username=what_the_user_submitted AND password=pass_user_submitted
How do we know what the user submitted.
let us code it
NOTE: it is common practice to write sql reserved words in caps, that way, it is easier to read, lower cases will do just fine, sql is case INsensitive
|
|
|
|
|
|
webdezzi (m)
|
First take a glance at this image below, we are going to be adding that little snippet above our Admin login page's HTML code. That is because we want that code to run, before the HTML cut and paste version if(isset($_POST['username']) && isset($_POST['password']) && $_POST['username']!="" && $_POST['password']!="" )
{
//execute this code
} isset() in php helps to check if a particular variable is set, just as the name implies so we are simply checking if $_POST['username'] is set, if it exist, then php will run whatever is in this BLOCK below (take note of the word block, ppl use it a lot) { //execute this code } if it does not exist, then php will skip the block of code following it. This is logical, innit? we are logically telling php, Hey, if a user posts something to this page, and the name of the forrm element is username then run this code thats all. so if a user types that page to the URL (definitely, nothing was posted to the page) the php code will run but since the user did not post anything, it will not run the block, then the user gets to see the html that follows. he will then fill the form submit it to the same page. This time, the if statement will evaluate to true, meaning the block will be run. all we need to put in the block now if the php code to check the database if user name and password is correct or not. |
|
|
|
|
|
webdezzi (m)
|
Lets complete the explanation begging for answers (thats if u were following) if(isset($_POST['username']) && isset($_POST['password']) && $_POST['username']!="" && $_POST['password']!="" ) the double && is used when you need to continue a check using "and", we also have || which means "or" . like we have above if posted username is set AND posted password is set AND posted username is not equal to nothing AND posted password is not equal to nothing Mind you!
The "and" means the joined checks must evaluate to true for the following block to run
for example
if(oranges=1000 AND apples=500){go to oyingbo market}
//then you count the fruits and you get 1000 oranges and 501 apples, then forget about oyingbo market, you cant go there
but lets assume you have OR instead of the AND, then you can go to that market because, one of the conditions is true.
then run the block "if" is one interesting construct, life will be difficult living without it. let say you have the task of accepting student data from a website and saving the data into different location based on their sexes, then based on their sexes, save it the second time based on their age group (say young and old) notice the else, am sure you understand what it does. if(userSex is male) { //run code that will check age group if(ageGroup=young) { //run code that will save data into young male category } elseif(ageGroup=old) { //run code that will save data into old male category } } elseif(userSex is female) { //run code that will check age group if(ageGroup=young) { //run code that will save data into young female category } elseif(ageGroup=old) { //run code that will save data into old female category } } You can see above that we have blocks of codes embedded in blocks of codes. there are many ways you can come up with solutions to that task, thats just to illustrate the usefulness of "if" there is another construct similar to if-else which is switch-case that, you will have to read up from your php manual or pray that we need it ahead. Now, let me expose you to these guys, $_POST, $_GET, $_COOKIE, $_SERVER, $_FILES, $_ENV, $_REQUEST, $_SESSION those guys are Arrays which exist throughout your entire script and you can access them at anytime. They can be empty at times though, they always exist for instance, say someone submits a form like we did using the POST method as in <form id="login_form" name="login_form" method="post" action="index.php"> automatically, the server saves the values in the ASSOCIATIVE $_POST array that way you can check the array and get which of the data you want. to access the exact data you want from the array, you just have use the name of the field <input name="username" type="text" id="username" /> like in that HTML, the name is username so to access what the user submitted as username, it's just a matter of $_POST['username'] if you still dont get this, think of (arrays of submitted data) as (fleet of cars) if you need a camry, you will just take the key to the camry, then you have your camry note that the key is NOT the camry, it only gives access to the camry. same way $_POST['username'] is just a key (infact, in php, the "username" inside the $_POST[ ] will be called an array key) enabling us to access it's corresponding value. |
|
|
|
|
|
*dhtml (m)
|
Na wa o, guy you never cease to amaze me. So much details, i hope the students are following all this!!
|
|
|
|
|
|
webdezzi (m)
|
yes they are following, I just hope they will post questions here so that others can learn while. And worth the note: We will be having a seminar on the 5th of March in Osun State (I chose my root first  ) If you live very close to Osun state and you dig my tutorials, You can reserve a space. Call me on 08029037890. For my state, I decided it will be N5,000 per participant. Other states will follow and will range from N15, 000 to N20,000. Its going to be 100% practical as we will be building a website for a fictitious school in osun state. |
|
|
|
|
|
RuuDie (m)
|
@ webdezzii,
thanks man. . . . . can u send me an e-book on PHP or point me to where i can get 1, please?
|
|
|
|
|
|
Guardian (m)
|
I noo lie www.2advanced.comNa FIREEEEEE I stubled on this site becos I'm in search of creative and talented web developers in house for my company. But sadly I can't find any. When would we have local web developers just like 2advanced. They are not the best, but look at the concept. am out |
|
|
|
|
|
webdezzi (m)
|
trust me, you are not alone on this.
I studied that swf sometime in 2007. It rocks. At that time, i think i was the best flash site.
i've seen more recently though
took another look and it looked like OMG!.
|
|
|
|
|
|
RuuDie (m)
|
Great job webdezzi. . . . . u d'on do more than well sef!
Abeg, is there any other way of creating tables with mySQL. . . . . . the interface is quite bamboozling!
|
|
|
|
|
|
*dhtml (m)
|
How much will webmasters like me from NL pay to come to the seminar? And how are you arranging to transport us there from nairaland. . .
|
|
|
|
|
|
webdezzi (m)
|
DHTML, lol just trying to teach the little i know. Not really for the money. we did it last week i guess it was d location. Crowd wasn't as i thought it wud be, but compared to some seminars i've been to. We thank God.
@Ruddie, You mean you find phpmyadmin interface bamboozling and not mysql interface.
mysql is the database server running more like a background process. Phpmyadmin only helps to make that background process visible so u can manage it.
take mysql as the internet and phpmyadmin as your web browser
the internet is there, but may be difficult or complex if you have to use DOS to browse the web. so your browser makes it simpler.
about your question, Yes, you can create tables by typing the queries dirrectly in the sql window, infact, you can do anything mysql permits right inside phpmyadmin.
you can even manage mysql using the ugly command window
|
|
|
|
|
|
*dhtml (m)
|
Good for you. . .maybe me too should start organizing seminars. . .
@topic: phpmyadmin interface is not hard to figure out once you know
the pros and cons of mysql language and database structures.
|
|
|
|
|
|
chukslist (m)
|
I had no idea we had so many outstanding developers in Nigeria, this is amazing stuff guys! Based on your expert web design abilities, kindly take a look at www.chukslist.com and let me know how good a job you think my techs did, ~Thx |
|
|
|
|
|
*dhtml (m)
|
Outstanding. . .kudos to you jare, webdezzi is my man anytime. . .
|
|
|
|
|
|
emmakc (m)
|
I am a graphic designer, i like to know how to design and launch my own website. I hope am not too late to the class. Emmakchinedu@yahoo.com |
|
|
|
|
|
daryy
|
Very useful! Iti s good job!
|
|
|
|
|
|
webfingers
|
Pleas am having problem previewing my asp.net page in dreamweaver 8. any help pls.
|
|
|
|
|
|
webdezzi (m)
|
Well, i am afraid, you will av to create a thread for asp.net help.
|
|
|
|
|
|
webdezzi (m)
|
Next we need to write a script that will compare the submitted username and password against what we already have in the database.
remember we already have the username and password stored in the database, so we just check against it.
Since the only way to communicate to the database is through sql queries, we will need to build our query and with the help of php, we will push our queries to mysql and wait for mysql to give us result.
since it is possible to get database entries from mysql using the "SELECT" statement. i.e select * from database.table,
so we will cleverly use this same SELECT statement to get what we want. How? watch.
SELECT * FROM settings WHERE first= 'userSubmittedUsername' AND second= 'userSubmittedPassword' AND settings_name='login'
Please note that i have tweaked the settings table to fit my needs, you can decide to come up with your table name as admins instead of settings. thats fine
u can also decide to do away with the settings_name column, thats also fine. Infact you can name your table columns username and password instead of first and second as i named mine.
just make sure your query reflects what you have.
The query above will definitely send us a result if the database returns any result.
and the database will return a result only if the conditions (WHERE first= 'userSubmittedUsername' AND second= 'userSubmittedPassword' AND settings_name='login') is true On any row.
else, it returns nothing.
all we then need to do is check if the database returned something or not. If it does, then the user credentials are correct and we give him access to the admin pages.
so lets go ahead with the php code to handle this
|
|
|
|
|
|
webdezzi (m)
|
this code simply sums up all we need to do, THOUGH IT IS RIDDLED WITH BOTH ERRORS AND HOLES it is a clear picture of what we need to do. Dont worry, we will fix these errors. <?php
if(isset($_POST['username']) && isset($_POST['password']) && $_POST['username']!="" && $_POST['username']!="" )
{
//execute this code
include("(double dots here)/conn.php"); // i really cant figure out why seun will not let us use dots, just like strict XHTML, hisses
mysql_select_db('tut99',$conn);
$result = mysql_query("SELECT * FROM settings WHERE first= '$_POST['username']' AND second= '$_POST['password']' AND settings_name='login'");//
$totalNumberRow=mysql_num_rows($result);
if($totalNumberRow){
//code to redirect user to admin area
header("Location: adminArea.php");
exit();
}else{
//code to send user back to login page, since there is no such user
}
?>
html codes here, |
|
|
|
|
|
webdezzi (m)
|
now let break down some complicated stuffs in the above snippet.
the include helps retrieve a file elsewhere and makes it's content available to the script above, including variables and functions.
that way, we are able to manage parts of the code, like for instance we can change the database setting in the included file and it affect all the site pages.
the is one inefficiency i will first like to deal with.
that is mysql_select_db('tut99',$conn);
we have inserted the database name "tut99" directly in this page, lets say we changed our database name in the future, then this approach means we must be ready to start opening all our files and start changing the database name. I think it is better to have it defined in our include file then use a variable here instead.
the next line is riddled with both errors and sql injection vulnerabilities
$result = mysql_query("SELECT * FROM settings WHERE first= '$_POST['username']' AND second= '$_POST['password']' AND settings_name='login'");
first we handle the errors.
In php, we can concatenate (join 2 things together to form one) with dot (.)
e.g
$thirdThing="this is the third thing";
echo "This is the first thing"."this is the second thing".$thirdThing;
notice how we joined them
We joined 2 strings with dots, then joined a variable to it also ote that variables need no double quotes
so lets correct this
$result = mysql_query("SELECT * FROM settings WHERE first= '$_POST['username']' AND second= '$_POST['password']' AND settings_name='login'");
to
$result = mysql_query("SELECT * FROM settings WHERE first= ".$_POST['username']." AND second= ".$_POST['password']." AND settings_name='login'") or die("error occured!");
security wise, this line can still be exploited like we have below, this is the expected sql query
SELECT * FROM settings WHERE first= 'admin' AND second= 'pass' AND settings_name='login'
what if the user supplied something like admin as username and ' or 1=1/* as password,
the we have something like this
SELECT * FROM settings WHERE first= 'admin' AND second= '' or 1=1/*' AND settings_name='login'
/* will comment out everything at the back of the query and will return true cos 1 will always be equal to 1
and boom, the user logs in as admin.
another thing will like to add to it for newbies is
DO NOT USE "or die(mysql_error())", use or die(redirect())
redirect() can be a custom function like this
function redirect(){header('Location: '.$_SERVER['PHP_SELF']); exit();}
This is because mysql_error() helps attackers with useful info while plotting their attacks
to correct the above, it is good practice to run your user submitted data through any of the available security functions available in PHP
example is mysql_real_escape_string()
something like this
$_POST['username']=mysql_real_escape_string($_POST['username']);
we have now updated the array element
We will reserve security issue till we finish the whole application, you will know why very soon
the rest of the code is clear enough, next i will post a working updated version of the software
|
|
|
|
|
|
RuuDie (m)
|
put this code in a page to retrieve values from a table and display on the page
<?php
$user_name = "root";
$password = "";
$database = "onlineDating";
$server = "127.0.0.1";
$db_handle = mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database, $db_handle);
if ($db_found) {
$SQL = "SELECT * FROM tbl_userslogin";
$resultz = mysql_query($SQL);
while ($db_field = mysql_fetch_assoc($resultz)) {
print $db_field['username'] . "<BR>";
print $db_field['password'] . "<BR>";
}
mysql_close($db_handle);
}
else {
echo "Database NOT Found ";
}
?>
but i keep getting this message on the page when it loads,
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in C:\wamp\www\onlineDating\login.php on line 16
can somebody pls help to explain this; how do i go about it?
|
|
|
|
|
|
RuuDie (m)
|
@ webdezzi, If you have a manual / e-book for this PHP/MySQL-website design issue, please send to me. . . . . < ruudsoftware@yahoo.co.uk> or kindly point me to where i can get 1, please! |
|
|
|
|
|
webdezzi (m)
|
@rudie, your code is correct, I guess u removed 2 lines from your code b4 posting it, that error points to line 16. looking thru your code, i think it will be better if u use localhost in place of 127.0.0.1, that way, u wont need to change it on your production server. thats my workflow, u dont need to follow it though. as per the manual, The best manual i've seen so far is the php manual. Most tutorials out there rely on this same manual download it here http://ar.php.net/distributions/manual/php_manual_en.chm |
|
|
|
|
|
RuuDie (m)
|
@ webdezzi,
Thanks man. . . . sorted that bit out, wasn't much wrong there - about your advice, think i'll stick to your workflow, thanks again!
|
|
|
|
|
|
Uwadiegwu1
|
Hello Guys, I was just browsing online and found another great website called www.eggosbase.com. I really like the design and it is very easy to navigate like craigslist. The website has several features such as you able to save your search and come back to it, add posters to favorites, find another item from the poster of a particular item, Print, Comment on ad, Preview, Delete, Repost, Edit, Unlimited Pictures to your ad, Able to share your ads with your friends in cool places like Facebook, Myspace, Twitter and other features which enable users browse the categories including Community. In order to post you will first need to sign up which is optional. The site also offers a forum where users can come together and discuss all sorts of things. |
|
|
|
|
|
![Nairaland [Nigerian Forum] Home](http://www.nairaland.com/Themes/default/images/english/home.gif)
Author
www.stylezbeauty.com.gif (33.4 KB, 717x475 )
