Honesty Rocks! truth rules.

Php Questions?! From: alex1985

HOME      >>       Programming

alex1985

Listen, as I'm novice in PHP, I will ask certain questions in this topic hoping on your contribution.

$dbhost='.....';

<?php//The Database Information//$dbhost='localhost';$dbname='alex1985_test';$dbusername='alex1985_admin';$dbuserpass='0505009127';//Creating Connection To The Database//mysql_connect ($dbhost, $dbusername, $dbuserpass);//Select The Certain Database//mysql_select_db ($dbname) or die ('Can Not Select Database');

<?php//Start The Session////Always Must Be On Top//session_start();//Include Configuration File//include('config.php');?>

There are questions which I derived practicing the coding:1. Do you put spaces between words and brackets, as well as comas when you do coding. For instance, $dbhost, $dbusername. Is it right, or you do not have to use space between.2. On some tutorials, the users have been used the character ', some of the are using ". What is the different between them. Can I use ' or ". or it does not matter everything.There are many aspects that I wanna ask you about.Could check the coding format, and tell me about the mistakes I did. Please, let me know as soon as possible.


rvalkass

$dbname='alex1985_test';

$dbusername='alex1985_admin';

$dbuserpass='0505009127';

//Creating Connection To The Database//

mysql_connect ($dbhost, $dbusername, $dbuserpass);

//Select The Certain Database//

mysql_select_db ($dbname) or die ('Can Not Select Database'); linenums:0'><?php//The Database Information//$dbhost='localhost';$dbname='alex1985_test';$dbusername='alex1985_admin';$dbuserpass='0505009127';//Creating Connection To The Database//mysql_connect ($dbhost, $dbusername, $dbuserpass);//Select The Certain Database//mysql_select_db ($dbname) or die ('Can Not Select Database');


Just a pointer, you don't need to finish a comment with //. There are two sorts of comments in PHP - single line and multi-line. The single line comment is started with a // and applies from that point until the end of the line. This means you can place it after a line of code, like this:

 

$username = 'alex1985'; // This is the username you log in with

A multi-line comment applies over multiple lines, and does require you to finish it. It is started with /* and ends with */

The advantage, of course, is that you can have much longer comments without really long lines:

 

/* This function does something really cool. You can pass it all sorts of variables. Actually, it is quite pointless.*/function pointless(){ return true;}

1. Do you put spaces between words and brackets, as well as comas when you do coding. For instance, $dbhost, $dbusername. Is it right, or you do not have to use space between.

It doesn't make any difference, but generally people put spaces in to make their code easier to read. For example, the second example here is much easier to read than the first example:

 

$dbh=mysql_connect($host,$username,$password)://Connect$dbh = mysql_connect($host, $username, $password); // Connect

It is up to you to code how you want, but generally spaces are put after commas (i.e. in a list of parameters or variables) and around binary operators (=, +, -, *).

 

2. On some tutorials, the users have been used the character ', some of the are using ". What is the different between them. Can I use ' or ". or it does not matter everything.

The single quote character takes its contents literally. Nothing placed in single quotes is parsed. This makes it faster, and more secure, but limits the uses.

 

The double quote character parses its contents. That makes it slower, but a bit more useful.

 

For example:

 

$number = 7;echo 'The \n number \n was... \n $number';echo "The \n number \n was... \n $number";

Would output:

 

From the first echo (single quotes):

 

The \n number \n was... \n $number

 

From the second echo (double quotes):

 

The

number

was...

7



alex1985

So, spaces are allowed?!For instance, if(...some function...) and if (...some function...), is it right or wrong?Can use both of them or not?


rvalkass

You can use either of them and they will both work perfectly well. It depends entirely on your coding style as to which one you want to use. It is generally advised to add whitespace wherever it will make the code easier to read. So, if you look at a line, and you think it looks a little bit squashed, add some spaces in to make it easier to read.

Tabs are also a good idea to represent subsections of code. For example, in an if statement, the code that is executed is usually tabbed in, to separate it from the 'main' code:

if ($var == $var2){ echo 'They are the same';}else{ echo 'They are not the same';}


alex1985

OK. When you put equal sign in the coding, do I have to make spaces as well? Or generally both of them will be working?!


rvalkass

As has been said, you do not need spaces. It will work whether they are there or not. However, they are generally added to make it easier to read.


alex1985

Thanks for your previous replies, were really helpful! How do I protect my user passwords in my database. If someone hacked the database, it was really hard for him to get passwords from that database. Please, list all good ways to do that.


jlhaslip

The most common method is to 'encrypt' the user_password before you store it into the file or Database.
Then you need to encrypt the input before you compare the entry to the stored value. If they encrypted input is the same as the encrypted stored value (using the same encryption method, then the user is validated.

*EDIT*
In register.php, this is the insert command I use:

$query = "INSERT INTO users ( first_name, last_name, email, password, registration_date, phone, cell, level, years, note) VALUES ( '$fn', '$ln', '$e', SHA1('$p'), NOW(), '$p', '$c', '$dl', '$y', '$n' )"; $result = @mysql_query ($query); // Run the query. if ($result) { // If it ran OK.
And in the Login.php, here is the code for checking the password you get at log-in with the encryted one in the Database:
SELECT user_id, first_name, level FROM users WHERE email='$e' AND password=SHA1('$p')

The password is selected based on the encrypted value, so in the Log-in script, handle the results based on the number of records returned. If zero, no member has that email and password. If one, the person should be allowed into the page/site.

alex1985

Could you write the whole process how you do it from the beggining?!


jlhaslip

Post the register script you are using and the log-in script, too. It will be easier to modify your script than explain the whole workings of mine, but basically, after you have the password on the register script, as you insert it into the database, use the SHA1() function to encrypt it. And when you retrieve the password on log-in, also encrypt it using the SHA1() function before you compare the two.Attach your scripts and I will Mod them for you as best I can.*edit*Oops! I added the method into the posting two up from here.


alex1985

Thanks. I already so it, how encrypt the password using the MySQL sequence. Tomorrow, I will post the sequence itself.


alex1985

Why do some people create different files of PHP extensions? Like the ones: db_connect.inc.php or db_connect.php?! What is the different between them? In reality, both of them have the same code.


sonesay

There would be no sense in creating two files with different names and the exact same code in them. Are you talking about two files with different names and different codes?


alex1985

Could you explain the code: ['cmdusers'] or ['cmdlogin']?! What is the difference between them?


sonesay

Thats just different variable names. As to what they do specifically or hold I don't know I don't have your entire source code. You have to be more specific with your questions if you want better answers. Thats all I can tell you from the last question you asked.


alex1985

Take a look of this code at: PHP Tutorials.

Just explain me the info that relates to 2 of my questions...


sonesay

The only reason people name files differently is preference. The same goes for variable names, You can have $name1 and $name2 and if both hold the same value then there should be no difference. You can choose to name your database file what ever you like for example.. db.php or db_connect.php etc. I think thats what your asking right? I'm sorry your just not being too clear in what exactly your asking.


alex1985

I will check them on the server and clerify my questions!!!What is AJAX?


jlhaslip

AJAX is a scripting language that uses javascript and other stuff to be able to provide your site with automatic and (nearly) instant updates of information.PHP and ASP are 'Server-side' scripting languages. Javascript is 'Client-side'. In the past, javascript could do things like local error-checking before a page was submitted to the server for refreshing the information. Now, javascript in the Browser can work with php at the Server to send your page information from the server without requiring a page refresh or reload. AJAX is what you use to do this.


alex1985

So, is it better to create login system with AJAX support? If yes, please indicate the tutorial.