PHP accessing MySQL

Portal Home > Knowledgebase > Articles Database > PHP accessing MySQL

Posted by Kolusion, 08-23-2011, 09:13 AM
An hour and a half ago I decided to learn MySQL. I have never hated learning something like this ever before! I would rather read Microsoft Office tutorial! Anyhow, I probably need to learn MySQL. Lets say I create a database called "Blue Team" ok? and that team is made up of Tom & Con. How can I make it so PHP can check? Lets say someone clicks on 'view current team members' via a hyperlink on a webpage, like, how can I induce an action for PHP to check the MySQL database?
Posted by Martin-D, 08-23-2011, 09:43 AM
Rewind slightly. You're trying to do brain surgery before slipping out your mothers womb. 1) Learn about MySQL DB's, structures and tables. 2) Learn about PHP, basic PHP applications. 3) Learn how PHP and MySQL can interact with each other 4) Write a script to check the data you've stored in your MySQL DB. It's really not as quick as you're thinking. It takes time and effort to learn these things and if you've only started reading about MySQL a few hours ago and are already hating it, you've got a long, long way to go.
Posted by Kolusion, 08-23-2011, 09:46 AM
I've decided to use PHP with a file database. I know their old fashion now but I feel comfortable with them. I've had great success with it and I've only been using PHP for three days. ... I have got a bit of Python experience though, where I was using the same concept. My file data base won't have the limitation of a flat-file database though, because I will be using multi-files, and each file will be related to the entity it represents. Last edited by Kolusion; 08-23-2011 at 09:50 AM.
Posted by jagarco, 08-23-2011, 11:17 AM
Using PHP without knowing how to use DB is wasting lots of potential. There is SQL Queries, the language to communicate to a DB, and then there are the DB servers... like mySQL. You need to learn DataBase design, its normalization process. Then learn SQL Queries with mySQL lots of tutorials online Then learn how to make PHP connect and communicate with the MySQL Server. Then wait to be hacked.. he he. Nah, seriously, for now you may leave security aside just for learning... BUT, if is a business project and you don´t take security measures..., the system can be hacked. Last edited by jagarco; 08-23-2011 at 11:22 AM.
Posted by Kolusion, 08-23-2011, 11:34 AM
My biggest problem is I lack time to learn all that stuff. This PHP style database will provide me everything I need. This is a small business project that will be handling credit card information directly via form input, which I will relay onto a payment via a payment services API, using PHP. All will be done with SSL of course. My site is not a complex site, so there is very little attack points.
Posted by jagarco, 08-23-2011, 11:39 AM
Ok then, if it works. On my 10 years of PHP/MySQL programming I had never have the need to create a function..., just IFs, WHILEs and DB connections.
Posted by Kolusion, 08-23-2011, 11:41 AM
It already is working, but I am having a little issue. Would like to hear the issue?
Posted by lynxus, 08-23-2011, 11:44 AM
http://www.tizag.com/phpT/ and http://www.tizag.com/mysqlTutorial/ Will help LOTS. Simply read them and you will know how to do it. ( Not long tutorials either.. )
Posted by jagarco, 08-23-2011, 11:45 AM
Sorry, don´t have time, but I guess it would be good to mention it here so you may get help. And if is about files, I haven´t used files for some years.
Posted by Kolusion, 08-23-2011, 11:48 AM
Its in its own thread: http://www.webhostingtalk.com/showthread.php?t=1076174
Posted by Martin-D, 08-23-2011, 12:36 PM
You're planning on storing credit card information in a flat file?
Posted by Kolusion, 08-23-2011, 12:40 PM
Sure...... it won't be a single file, each user will have their own specific file in their own directory that contains the credit card information.
Posted by Martin-D, 08-23-2011, 12:45 PM
And these are going to be sitting on a server/hosting account on a public server?
Posted by Kolusion, 08-23-2011, 12:46 PM
No. My server belongs to me and is located on my own property using my own internet connection. Last edited by Kolusion; 08-23-2011 at 12:53 PM.
Posted by node, 08-23-2011, 12:55 PM
Hope you realize that its illegal to store customer information in plain text without the right compliance such as the PCI.
Posted by Kolusion, 08-23-2011, 12:57 PM
Thanks for the information, but I think your assuming I live in your country - which I probably don't.
Posted by Martin-D, 08-23-2011, 12:59 PM
Doesn't matter where you are, it's the card providers/processors that state is as a requirement. IF you're in Australia then yes, you still need to be PCI Compliant.
Posted by Kolusion, 08-23-2011, 01:00 PM
I'll come up with something then when the time comes..
Posted by Martin-D, 08-23-2011, 01:02 PM
facepalm* No. You need to think about it NOW before you go any further because that will affect how you move forward and 'develop' whatever solution it is you're trying to come up with.
Posted by Kolusion, 08-23-2011, 01:08 PM
I have already planned ahead everything! The machine that holds the credit card information won't be the server. The server will be fetching it from a server dedicated for handling credit card information, on the LAN. I will setup traps on the server so if something happens on it that shouldn't be, it will power down or something extreme as such. I don't know how I am going to do it, but as I said - I will come up with something. My servers will be netbook computers. Their so cheap right now, like $250 each. Running Linux.. Beautiful!
Posted by node, 08-23-2011, 01:10 PM
How will you ensure credit card data can't be hijacked?
Posted by Techy, 08-23-2011, 01:11 PM
You should probably have a look https://www.pcisecuritystandards.org/index.php and do some research as well.
Posted by Kolusion, 08-23-2011, 01:12 PM
Credit card companies wouldn't know if I was storing in plain-text anyway. I'll look into an encryption system later. I have thought of all of this already, its just not time to look into it yet.. Man, I'm still coding my site in HTML. The problem with all these big people that get hacked is they ain't keeping their server simple. The fact their HTML isn't even standard compliant tells me enough that the administrators of that server are slack asses that have a "oh, it works thats good enough" mentality. I am not like this. I keep my server simple and as professional as can be. I am creating all my own database systems, simple flat-file, but its that simplness that will make me more secure. I won't need to worry about SQL injections and exploits. God I hate SQL. Last edited by Kolusion; 08-23-2011 at 01:17 PM.
Posted by node, 08-23-2011, 01:16 PM
That's illegal any country, you would have trading standards shut you down quicker then your first sale.
Posted by Kolusion, 08-23-2011, 01:20 PM
I cannot be closed down because I ask for credit card information. Theres no law that says I can't hold onto information someone gives me. This is Australia mate we don't have that police state **** over here, yet. Anyway, I think flat-files are awesome. I used SQL tonight OMG what a POS. I felt like I was living in 1970 or something... Such an unpractical interface.
Posted by node, 08-23-2011, 01:23 PM
And? Even legally in Austrailia you have to be PCI compliant to accept credit cards as stated several times in this thread.
Posted by Kolusion, 08-23-2011, 01:24 PM
Don't tell me Australian law mate, unless your Australian. If your so sure tell me which law. I will look into it. I actually was going to look into credit card law when the time came, and I am expecting conditions from payment system. What I do know is that its not illegal in Australia to store information someone has freely given you. I don't want some 3rd party gateway that lacks stand compliant code associated with my website. I want to present my customers my own branded payment system thats build into my site. Ever seen that crap service by Valve Software called Steam? they have a good example of what I want to do, done right, except they don't store credit card information. I believe its illegal in the U.S.A. to do so. Storing credit card information will help impulse purchases. Thats why I am gonna do it. When people get up to go and get their credit card, it might make them come to their senses that they can't afford it lol. So.. Have it their already for them (as long as they have opted-in for me to store it). Last edited by Kolusion; 08-23-2011 at 01:33 PM.
Posted by NameVictor, 08-23-2011, 01:41 PM
and what happens if someone breaks into your house and steals your computers? They are going to think Christmas has come early with all them credit card details on it. Then, when your customers find out that those thief's gained their credit card details from your unencrypted system, will you have enough money to deal with the lawsuits? From both your customers, and possibly even the card issuers. You really have not thought this out at all.
Posted by Martin-D, 08-23-2011, 01:45 PM
OK. Some simple words for you to understand. I'll act the 'idiot' as you so eloquently put it. 1) You take credit card information from a customer for whatever you're selling (be it a product or service) 2) You processes that card information via which processor/gateway you choose to get payment. 3) The credit card companies sees this payment coming through and from whence it came. Outcome - Credit card company knows you've taken their details to make a payment. They can check you for PCI compliance. You'll fail. You're then fined/charged and immediately go out of business because you didn't heed the warnings of 'idiots' and 'soft ****s' on WHT. I presume you'll be telling your potential customers that their credit card information is stored on a server, unencrypted and in a non-pci-compliant manner? Incidentally, it doesn't matter if someone is Australian or not. We're all professionals here (mostly) and we know what rules and standards we need to comply to. Just to further my point: http://www.webhostingtalk.com.au/run...-yet-8577.html http://www.cio.com.au/article/365805...pliance_savvy/ Further information on PCI Compliance: https://www.pcisecuritystandards.org/ https://www.pcisecuritystandards.org.../documents.php
Posted by Kolusion, 08-23-2011, 01:46 PM
file volume level encryption.
Posted by Martin-D, 08-23-2011, 01:46 PM
LOL Ok. It's people like you who cause these problems in the first place and give the rest of us a bad name. Give up already.
Posted by node, 08-23-2011, 01:48 PM
It doesn't cost alot if your a real legitmate business. I'm 99% sure Valve have PCI compliant as they take credit cards inhouse. Maybe you should take time reading your laws; http://www.accc.gov.au/content/index.phtml/itemId/54090 VII: Business-to-consumer electronic commerce should be conducted in accordance with the recognised privacy principles set out in the OECD Guidelines Governing the Protection of Privacy and Transborder Flow of Personal Data (1980), and taking into account the OECD Ministerial Declaration on the Protection of Privacy on Global Networks (1998), to provide appropriate and effective protection for consumers. This includes PCI compliance. So take your time before you go mad
Posted by Kolusion, 08-23-2011, 01:49 PM
Thanks node!
Posted by KMyers, 08-23-2011, 01:56 PM
Hello,
Posted by yogieaw21, 08-23-2011, 06:08 PM
Let him do what he wants.. I reckon that all we have to do is just sit tight and see what ever the outcome might be.
Posted by martinsteve, 08-25-2011, 02:54 AM
Thanks for the list it is very helpful.
Posted by speckl, 08-25-2011, 11:05 AM
Oh dear god. You made my heart stop. You know next to nothing about php and mysql and you are programming a form to accept credit card payments? Honestly, why bother with the SSL?
Posted by lynxus, 08-25-2011, 11:45 AM
Not to mention the lovely fines from the PCI-DSS police.
Posted by NameVictor, 08-25-2011, 01:19 PM
The OP will not be responding as his account at WHT has been disabled.

Add to Favourites Print this Article

Knowledgebase

Knowledgebase

PHP accessing MySQL

Contact us