Feb 3, 2009

connecting to a mysql database

introduction
a lot of web-based applications rely on a database to store their data. in this article i will discuss how to connect to a mysql database using php.

the code
connecting to a database is really quite simple in php. you will need to know the following information about the database in order to establish a connection: server, database name, username, and password. to make it easy to visualize, i prefer to set a variable for each and then use the variable names when i make the actual connection call:

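<?php
// note: the mysql_* functions (ext/mysql) were removed in php 7.0;
// mysqli and pdo are their replacements
$db_name = "my_database";
$db_serv = "localhost";
$db_user = "my_username";
$db_pass = "my_password";

// connect to the server, then select the database to work with
$db_conn = mysql_connect($db_serv, $db_user, $db_pass);
if (!$db_conn) {
	// log the details, but do not show them to the visitor
	error_log(mysql_error());
	die("could not connect to the database");
}
mysql_select_db($db_name, $db_conn);
?>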

that’s it! now that you have established a connection you can make queries to the database to recall data:

<?php
// run a query on the connection opened above
$sql = "SELECT * FROM some_table";
$result = mysql_query($sql);
?>

conclusion
it's really quite simple, and storing information in a database not only makes a site run more smoothly, but it also allows you to create powerful content management options so you can quickly update information on the site without changing anything in the site’s files themselves. this is great for template-based sites where the pages stay pretty much the same and the content inside them varies depending on a given combination of variables.

Feb 3, 2009

password encryption

introduction
i’ve worked on a lot of programs and websites that require the user to log in to gain access, and it occurred to me that there is a useful bit of information that i can share from these experiences. what i am referring to is the encryption process to protect the password of the user. more often than not i use an encryption method called md5. php happens to have a built-in function that will convert any string into an md5 quite easily. combine that with a login/signup form and a database to store it in, and you’re well on your way to a secure login system.

md5
md5 (message-digest algorithm 5) is a widely used cryptographic hash function with a 128-bit hash value. as an internet standard (rfc 1321), md5 has been employed in a wide variety of security applications, and is also commonly used to check the integrity of files. an md5 hash is typically expressed as a 32-digit hexadecimal number. for example, the md5 of the word ‘the’ would be ‘8fc42c6ddf9966db3b09e84365034357’.

the code
as i already stated, in php there is a predefined function to convert a string into an md5 hash. it’s quite simple actually: md5("the"); would be the method used to return the hash stated above. let’s say you created a signup form that looked something like the following:

<form name="signup" method="post" action="">
<input type="text" name="username" />
<input type="password" name="password" />
<input type="submit" name="submit" value="Login" />
</form>

once the user clicks submit, php can be used to process the information and store it in a database to be recalled later (assuming we already have a database connection):

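<?php
if ($_POST) {
	// escape user input before it goes into the query (prevents sql injection)
	$username = mysql_real_escape_string($_POST["username"]);
	// md5() returns 32 hex characters, so the hash itself needs no escaping
	$password = md5($_POST["password"]);

	$sql = "INSERT INTO users (username, password)
		VALUES ('$username','$password')";
	$result = mysql_query($sql);
}
?>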

notice that i convert the password to an md5 before storing it in the database. this way if anyone ever gets access to your database, they’ll have a rather difficult time deciphering what the passwords are. to log in to the software a similar form would be used; however, this time, after converting the entered password to an md5, we would do a lookup to see if the user exists and if the password is correct:

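<?php
// the session must be started before $_SESSION can be used
session_start();

if ($_POST) {
	// escape user input before it goes into the query (prevents sql injection)
	$username = mysql_real_escape_string($_POST["username"]);
	$password = md5($_POST["password"]);

	$sql = "SELECT * FROM users WHERE username = '$username'";
	$result = mysql_query($sql);
	// fetch the matching row (false when there is none)
	$row = mysql_fetch_assoc($result);

	// make sure there is a user with this username
	if (mysql_num_rows($result) == 0) {
		$msg = "No Such User!";
	// there is a user, now check the password
	// (strict comparison: with != two different hashes that both look like
	// "0e" followed by digits would be compared as numbers and treated as equal)
	} elseif ($password !== $row["password"]) {
		$msg = "Incorrect Password!";
	} else {
		$msg = "Logged In";

		// set the user to logged in
		$_SESSION["logged_in"] = true;
	}
}
?>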

and there you have it
this is a good way to protect the information between users as well as reassure them that their login information is encrypted. md5 is not the be-all-end-all for encryption methods, and while difficult, it is possible to reverse engineer the hashes, but it is certainly a great first line of defense when creating password protected logins.
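
an added example, not code from the original article: the login check above done with php's password_hash() and password_verify(), which salt every password and use a deliberately slow algorithm, and which here also upgrade a row that still holds a bare md5 hash the next time that user logs in. the store_user and check_login names and the in-memory sqlite database (standing in for mysql so the example runs on its own) are assumptions made for the example.

```php
<?php
// added example; function names and sample data are constructed for illustration
function store_user(PDO $db, string $username, string $hash): void {
	// prepared statement: user input never becomes part of the sql text
	$stmt = $db->prepare("INSERT INTO users (username, password) VALUES (?, ?)");
	$stmt->execute([$username, $hash]);
}

function check_login(PDO $db, string $username, string $password): bool {
	$stmt = $db->prepare("SELECT password FROM users WHERE username = ?");
	$stmt->execute([$username]);
	$stored = $stmt->fetchColumn();
	if ($stored === false) {
		return false; // no such user
	}
	if (preg_match('/^[0-9a-f]{32}$/', $stored)) {
		// legacy row: bare md5 as written by the article's signup code
		if (!hash_equals($stored, md5($password))) {
			return false;
		}
		$rehash = true; // correct password: replace the md5 below
	} else {
		if (!password_verify($password, $stored)) {
			return false;
		}
		// true when PASSWORD_DEFAULT has moved on since this hash was made
		$rehash = password_needs_rehash($stored, PASSWORD_DEFAULT);
	}
	if ($rehash) {
		$upd = $db->prepare("UPDATE users SET password = ? WHERE username = ?");
		$upd->execute([password_hash($password, PASSWORD_DEFAULT), $username]);
	}
	return true;
}

// constructed demo data in an in-memory sqlite database
// (in mysql, give the password column room to grow, e.g. VARCHAR(255))
$db = new PDO("sqlite::memory:");
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)");
store_user($db, "old_user", md5("the"));                                 // legacy md5 row
store_user($db, "new_user", password_hash("s3cret!", PASSWORD_DEFAULT)); // salted row

var_dump(check_login($db, "old_user", "wrong"));   // wrong password is rejected
var_dump(check_login($db, "old_user", "the"));     // accepted, row is upgraded
var_dump(check_login($db, "new_user", "s3cret!")); // verified against the salted hash
// old_user's stored value is no longer the 32-character md5
echo $db->query("SELECT password FROM users WHERE username = 'old_user'")->fetchColumn(), "\n";
```

the signup code would call password_hash() in place of md5(), and the login code would call check_login() in place of the direct string comparison.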