Need direction on software to reach goal
I need to create a local website (Apache) that connects to a database (mysql).
To this point I know how to install and configure both Apache and Mysql but not how to connect a webpage to a database so it can update the database. What I'm trying to build: Need a local website where I can submit data to a field and "hit save", which will update my mysql database. Multiple places on the net say that LAMP can do this, but making them work together is what I need help with.
One doesn't "connect a web page to a database" exactly. A short explanation:
A web page presents a form to accept the data and then it calls a script (in PHP -- that's the P in LAMP -- although I personally prefer perl) to process the data and write it to the database. So...you need to be able to create a web page that displays a form; then you need to create a script in PHP, perl, or maybe Python to "read" the data from the form and update/insert it into the database. w3schools.com is a good starting place for html and php. perl.org has tutorials about writing perl. Please let us know what you already know about writing code, and we'll try to point you in helpful directions.
Since my LAMP stack will be located on one server with a very simple database, I feel I can handle it. I'm going to get my LAMP stack installed on the server, create my database, then use the link you provided to attempt to create a form that would update my database fields. If I'm missing something in my attack plan do let me know.
An html form calls a script (see the action= in the <form> tag syntax); the script is what updates the database. I see, basically, three steps.
1. Create the database in MySQL (the M in LAMP) [maybe use phpMyAdmin to administer your database]
2. Create the web page with a form
3. Create the server-side script to process the data.
Note that you can input data with phpMyAdmin. It provides forms for that purpose, but if you need something to be used by several users, it's probably not the user-friendliest way to do that. HTH
If this website is going to be strictly local and not public-facing, you might want to take a look at XAMPP.
I recently did a podcast about using it at Hacker Public Radio. Most distros offer a meta-package that will install the LAMPP stack all at once. Check the package manager of the distro on the computer you wish to use it on.
Turnkey linux has some VM images that are built with little security but are a great way to test out stuff.
This is pretty old but I think still usable. https://www.linuxjournal.com/article/7937
Been a couple of weeks now and I'm still stuck.
So far I've been able to install php, apache & mariadb without issue. I can create databases and their needed tables. My problem is I'm still not able to insert data from a form into the database. Maybe you guys can see where I'm going wrong with the form. I used the very short tutorial here http://phpeasystep.com/mysql/5.html This is what my database looks like (using the root user to connect while testing):
Create this script and save it to your www directory as phpinfo.php. Open your web browser and type in localhost/phpinfo.php; if you see output, you know that php and apache are working. You can scroll down to just the module information to verify if mysql is present. That would indicate that mysql should work with php.
Code:
<?php phpinfo(); ?>
insert.php
You're progressing. It will help readability if you post the code in [code] [/code] tags. That will preserve the white spaces, for example.
Though I greatly prefer perl with FastCGI to PHP, the latter is still common. With the PHP you show, there are three very, very important things to do with web forms to save grief:

One is to do all development off the open Internet. Set things up so that only you have access to the UI you are working on. Often that means using localhost or the LAN (with packet filtering or htpasswd or both).

Another is to clean or "validate" all incoming fields and data. Don't trust it a bit. Test it for what should and shouldn't be there and fail safely if something is wrong before passing that data to the database. What would happen, for example, if someone submitted "; drop table mysql;" or something like that as the field "name" in the form there?

The other is to use placeholders via prepared statements. That uses prepare to create a query or a formula for a query. Then it is executed. Sometimes the prepared query is reused and placeholders stand in for the variables that change. That speeds up interaction with the database and increases the difficulty of accomplishing an injection attack.
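The validation and prepared-statement advice in the post above, put together as an added example that is not code from any poster in this thread. It assumes a form that posts "name" and "email"; the database "testdb", table "contacts", account "formuser" and its password are placeholders, since the thread does not show the actual schema.

```php
<?php
// Added example: a form handler that validates input, then inserts it
// through a prepared statement. Assumed names (not from the thread):
// database "testdb", table "contacts", account "formuser".
declare(strict_types=1);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Return the cleaned fields, or null if anything is missing or malformed.
function clean_input(array $post): ?array
{
    $name  = $post['name']  ?? null;
    $email = $post['email'] ?? null;
    // Rejects missing fields and array-valued ones such as name[]=x.
    if (!is_string($name) || !is_string($email)) {
        return null;
    }
    $name  = trim($name);
    $email = trim($email);
    // Allow only what a name should contain, and bound its length.
    if (!preg_match('/^[\p{L} .\'-]{1,64}\z/u', $name)) {
        return null;
    }
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return ['name' => $name, 'email' => $email];
}

$row = (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') ? clean_input($_POST) : null;
if ($row === null) {
    http_response_code(400);      // fail safely: nothing reaches the database
    exit('Invalid input.');
}

try {
    $db = new mysqli('localhost', 'formuser', 'CHANGE_ME', 'testdb');
    $db->set_charset('utf8mb4');
    // The ? placeholders keep submitted values out of the SQL text itself.
    $stmt = $db->prepare('INSERT INTO contacts (name, email) VALUES (?, ?)');
    $stmt->bind_param('ss', $row['name'], $row['email']);
    $stmt->execute();
    echo 'Saved.';
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());  // details go to the server log, not the browser
    http_response_code(500);
    echo 'Could not save the record.';
}
```

With this handler, a "name" value such as the "; drop table mysql;" string mentioned above is rejected by the pattern check, and even a value that passed validation would be sent to the server as data rather than as part of the query.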