Hi I am new to php and most other things, I am trying to make a form on my website to take users details for membership purposes. This data will be stored in a mysql database. What I have at the moment is a plain html form that posts the user input to a php script which then puts the data in the database. Is there a better way of doing this (could this proccess be done with a single php script) or am doing the right thing. Any suggestions and input would be greatly appreciated.
bjg5858
0
Newbie Poster
Recommended Answers
Jump to Postyou are doing the right thing
Jump to PostRead up on password sniffing. It's great if your server is secure, but if the user is on a LAN then it's still possible to get hacked.
Good rules for any database:
1.) Never pull a password out of the database. Once it is in, …
All 7 Replies
jbennet
1,618
Most Valuable Poster
Team Colleague
Featured Poster
you are doing the right thing
bjg5858
0
Newbie Poster
Cheers...
jbennet
1,618
Most Valuable Poster
Team Colleague
Featured Poster
yeah its standard to have an HTML form posting data to a PHP processor page
If you are new to php and want to see an example of inserting/editing/deleting data in a mysql database and creating tables/databases then please send me a Personal Message from my profile page, and ill send you a link to a simple news management system i made. (the whole thing is under 15 pages of code, nicely formatted, no superflous stuff)
steven509
0
Newbie Poster
If your storing passwords in a database its always best to encrypt them in sha-1 or atleast md5.
Also make sure your validating the data from the html form, just incase.
bjg5858
0
Newbie Poster
Probably a silly question but why is it neccesary to encrypt the passwords if the web server is secure.
steven509
0
Newbie Poster
It's possible that the server is secure but someone can still exploit a bug in your code which could display user passwords. It's always better to be safe then sorry ^^
buddylee17
216
Practically a Master Poster
Read up on password sniffing. It's great if your server is secure, but if the user is on a LAN then it's still possible to get hacked.
Good rules for any database:
1.) Never pull a password out of the database. Once it is in, it stays there. You can look for it in the query, but don't pull it out.
2.) You should never know your users actual password. This means that every password is encrypted before it gets to the database. This will make it much more difficult for a sniffer to intercept it and successfully login.
iamthwee
commented:
I like!
+13
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.