LinuxQuestions.org - Need direction on software to reach goal

- Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)

- - Need direction on software to reach goal (https://www.linuxquestions.org/questions/linux-software-2/need-direction-on-software-to-reach-goal-4175610419/)

Need direction on software to reach goal

I need to create a local website (Apache) that connected to a database (mysql).

To this point I know how to install and configure both Apache and Mysql but not how to connect an webpage to a database so it can update the database.

What I'm trying to build:
Need a local website which I can submit data to field and "hit save" which will update my mysql database.

Multiple places on the net say the LAMP can do this but its make them work together is what I need help with.

One doesn't "connect a web page to a database" exactly. A short explanation:
A web page presents a form to accept the data and then it
Calls a script (in PHP -- that's the P in LAMP -- although I personally prefer perl) to process the data and write it to the database.

So...you need to be able to create a web page that displays a form; then you need to create a script in PHP, perl, or maybe Python to "read" the data from the form and update/insert it into the database.

w3schools.com is a good starting place for html and php. perl.org has tutorials about writing perl.

Please let us know what you already know about writing code, and we'll try to point you in helpful directions.

Quote:

Originally Posted by scasey (Post 5738711)

I don't know anything about writing code (I have using html in the pass to make basic websites). I have also installed php from source (to support a webdev).
Since my LAMP stack will be located on one server with a very simple database, I feel I can handle it.
I'm going to get my LAMP stack installed on the server, created my database, then use the link you provided to attempt to create a form that would update my database fields.
If I'm missing something in my attack plan do let me know.

Quote:

Originally Posted by vwtech (Post 5738714)

You're on the right track, but creating a form is only the first step, you will also need to create a script that runs on the server to read the data from the form and update the database.
An html form calls a script (see the action= in the <form> tag syntax); the script is what updates the database.
I see, basically, three steps.
1. Create the database in MySQL (the M in LAMP) [maybe use phpMyAdmin to administer your database]
2. Create the web page with a form
3. Create the server-side script to process the data.

Note that you can input data with phpMyAdmin. It provides forms for that purpose, but if you need something to be used by several users, it's probably not the user-friendliest way to do that.
HTH

If this website is going to be strictly local and not public-facing, you might want to take a look at XAMMP.

I recently did a podcast about using it at Hacker Public Radio.

Most distros offer a meta-package that will install the LAMPP stack all at once. Check the package manager of the distro on the computer you wish to use it on.

Turnkey linux has some VM images that are built with little security but a great way to test out stuff.

This is pretty old but I think still usable. https://www.linuxjournal.com/article/7937

Quote:

Originally Posted by frankbell (Post 5738768)

While browsing tutorials on LAMP I noticed others using XAMMP and phpMyadmin. I'm only going to use the cli for this small project so as to reinforce the usage and commands of using a mysql database. I'm sure if I do more in-depth projects in the future I'll try phpMyadmin out. I'm wondering if LAMP work falls under Devops, Webdev or both?

Quote:

Originally Posted by vwtech (Post 5739657)

I'm wondering if LAMP work falls under Devops, Webdev or both?

Both . . .

Been a couple of weeks now and I'm still stuck.
So far I've been able to install php, apache & mariadb without issue.
I can create databases and their needed tables.

My problem is I'm still not able to insert data from a from into the database.
Maybe you guys can see where I'm going wrong with the form.

I used the very short tutorial here http://phpeasystep.com/mysql/5.html

This is what my database looks like (using the root user to connect while testing):

Quote:

Create this script and save it to your www directory as phpinfo.php. Open your web browser and type in localhost/phpinfo.php, if you see output you know that php and apache are working. You can scroll down to just the module information to verify if mysql is present. That would indicate that mysql should work with php.

Code:

<?php

// Show all information, defaults to INFO_ALL

phpinfo();

phpinfo(INFO_MODULES);

?>

There could be syntax errors in your code. Have you check the apache logs for errors? If in doubt post your code.

Quote:

Originally Posted by michaelk (Post 5746172)

Code:

<?php

// Show all information, defaults to INFO_ALL

phpinfo();

phpinfo(INFO_MODULES);

?>

There could be syntax errors in your code. Have you check the apache logs for errors? If in doubt post your code.

I'm going to review apache logs tonight.

insert.php

Quote:

<html>
<body>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1">
<tr>
<td><form name="form1" method="post" action="insert_ac.php">
<table width="100%" border="0" cellspacing="1" cellpadding="3">
<tr>
<td colspan="3"><strong>Insert Data Into mySQL Database </strong></td>
</tr>
<tr>
<td width="71">Name</td>
<td width="6">:</td>
<td width="301"><input name="name" type="text" id="name"></td>
</tr>
<tr>
<td>Lastname</td>
<td>:</td>
<td><input name="lastname" type="text" id="lastname"></td>
</tr>
<tr>
<td>Email</td>
<td>:</td>
<td><input name="email" type="text" id="email"></td>
</tr>
<tr>
<td colspan="3" align="center"><input type="submit" name="Submit" value="Submit"></td>
</tr>
</table>
</form>
</td>
</tr>
</table>
</body>
</html>

insert_ac.php

Quote:

<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="None33hello"; // Mysql password
$db_name="test"; // Database name
$tbl_name="test_mysql"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Get values from form
$name=$_POST['name'];
$lastname=$_POST['lastname'];
$email=$_POST['email'];

// Insert data into mysql
$sql="INSERT INTO $tbl_name (name, lastname, email) VALUES ('$name', '$lastname', '$email')";
$result=mysql_query($sql);

// if successfully insert data into database, displays message "Successful".
if($result){
echo "Successful";
echo "<BR>";
echo "<a href='insert.php'>Back to main page</a>";
}

else {
echo "ERROR";
}
?>

<?php
// close connection
mysql_close();
?>

You're progressing. It will help readability if you post the code in [code] [/code] tags. That will preserve the white spaces, for example.

Though I greatly prefer perl with FastCGI to PHP, the latter is still common. With the PHP you show, there are three very, very important things to do with web forms to save grief:

One is to do all develpent off the open Internet. Set things up so that only you have access to the UI you are working on. Often that means using localhost or the LAN (with packet filtering or htpasswd or both).

Another is to clean or "validate" all incoming fields and data. Don't trust it a bit. Test it for what should and shouldn't be there and fail safely if something is wrong before passing that data to the database. What would happen, for example, if someone submitted "; drop table mysql;" or something like that as the field "name" in the form there?

The other is to use placeholders via prepared statments. That uses prepare to create a query or a formula for a query. Then it is executed. Sometimes the prepared query is reused and placeholders stand in for the variables that change. That speeds up interaction with the database and increases the difficulty of accomplishing an injection attack.