Hi I am new to php and most other things, I am trying to make a form on my website to take users details for membership purposes. This data will be stored in a mysql database. What I have at the moment is a plain html form that posts the user input to a php script which then puts the data in the database. Is there a better way of doing this (could this proccess be done with a single php script) or am doing the right thing. Any suggestions and input would be greatly appreciated.

yeah its standard to have an HTML form posting data to a PHP processor page

If you are new to php and want to see an example of inserting/editing/deleting data in a mysql database and creating tables/databases then please send me a Personal Message from my profile page, and ill send you a link to a simple news management system i made. (the whole thing is under 15 pages of code, nicely formatted, no superflous stuff)

If your storing passwords in a database its always best to encrypt them in sha-1 or atleast md5.

Also make sure your validating the data from the html form, just incase.

Probably a silly question but why is it neccesary to encrypt the passwords if the web server is secure.

It's possible that the server is secure but someone can still exploit a bug in your code which could display user passwords. It's always better to be safe then sorry ^^

Read up on password sniffing. It's great if your server is secure, but if the user is on a LAN then it's still possible to get hacked.

Good rules for any database:

1.) Never pull a password out of the database. Once it is in, it stays there. You can look for it in the query, but don't pull it out.

2.) You should never know your users actual password. This means that every password is encrypted before it gets to the database. This will make it much more difficult for a sniffer to intercept it and successfully login.

Comments
I like!
This article has been dead for over six months. Start a new discussion instead.