Thread: Php via Flash

    #1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    3
    Rep Power
    0

    Php via Flash


    Hi Guys, I am attempting to create a login database via Flash, MySQL. I have virtually no knowledge of php at all. The php file I have created is copied from a tutuorial I read online. My swf file works fine but when I attempt to connect with my database the php file doesn't appear to be working.

    I have no knowledge of the php language so I am unable to identify any mistakes that I may have in the script. So, any advice would be most welcome:
    If would be help to see my fla file please say and I will upload it.
    Thanks

    PHP Code:
    <?php
    //Declare variables
    //connect
    $email $_Post['email']; 
    $user_Name $_POST['username'];
    $ps_wd $_POST['password'];

     
    //mysql wants to know your localhost, database username and your database password
    $link mysql_connect("localhost""database""password" or die (mysql_error());
    //mysql wants to know your database name to connect
    mysql_select_db("database") or die(mysql_error());
     
     
    //collects data from table
    $data mysql_query("SELECT * FROM users WHERE col_email='$email'  col_user_Name='$user_Name' AND col_ps_wd='$ps_wd'");
    if (
    mysql_num_rows($data) == 0) {
      
      while (
    $row mysql_fetch_assoc($data)) {
        
    $userbio $row["name"];
        echo 
    "systemResult=$userbio";
    } else {

    echo 
    "systemResult=The login detail dont much our records";
       



    // escape email and password for use in SQL
     
    $email mysql_real_escape_string($email);
     
    $ps_wd mysql_real_escape_string($ps_wd);
     
    $sql "SELECT * FROM users WHERE
     email='" 
    $email username='" . $user_Name . "'" "' AND password='" . $ps_wd . "'"
     
    // more code
     
    mysql_close($con);
    }
    ?>
    Last edited by ManiacDan; May 20th, 2013 at 07:50 AM. Reason: Fixed code tags
  2. #2
  3. Sarcky
    Devshed Supreme Being (6500+ posts)

    Join Date
    Oct 2006
    Location
    Pennsylvania, USA
    Posts
    10,846
    Rep Power
    6351
    This code is full of massive security holes, but the most obvious error is your missing quote near the end.
    HEY! YOU! Read the New User Guide and Forum Rules

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin

    "The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002

    Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.
  4. #3
  5. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1045
    Hi,

    throw away the script and stop copying and pasting stuff you find somewhere on the Internet.

    Copypasta really is the cancer of PHP. The problem is that not only "end users" like you copy and paste, but also a lot of the PHP "developers" writing online tutorials. Much of the free code you'll find online is the copy of the copy of the copy ... of the copy of some garbage code some clueless kid wrote somewhere in the 90s. Since nobody in this chain ever thought about the code, the same security holes, bad practices and obsolete functionalities are being perpetuated through the decades. It's the 21. century, and people are still doing unescaped queries with the old MySQL extension -- that's just sad.

    Break the cycle! Learn PHP, learn about security risks and then write your own code. Yeah, it will be a lot of effort, and your code won't be perfect at first. But at least it's your code, and you know what it's doing. That already puts you ahead of 90% of the other "developers".

    Comments on this post

    • Strider64 agrees
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  6. #4
  7. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2012
    Location
    Burb of Detroit, Michigan
    Posts
    86
    Rep Power
    76
    I went to college as a Flash Developer/Designer and I think I still have an OLD tutorial on how to create a login using flash incorporating PHP. However, what I know now I would never use it, for flash developers tend to 'dabble' in php and only show you the basics of php. To me this is stupid, but people teaching flash only teach you the basics on how to do something in another language. I think if I ever become really good at a language, I would never do something like that. Another thing to watch out for if you read a book, watch a tutorial from a trusted website (for example: Lynda.com) or another source is even though they instruct you on how to do it. You still have to question the soundness of the code, for even they sometimes don't teach you the best practice on how to do it. You can always improve on their code and in the worse case scenario scrap it. Just my .02 cents.
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    3
    Rep Power
    0
    Originally Posted by Strider64
    I went to college as a Flash Developer/Designer and I think I still have an OLD tutorial on how to create a login using flash incorporating PHP. However, what I know now I would never use it, for flash developers tend to 'dabble' in php and only show you the basics of php. To me this is stupid, but people teaching flash only teach you the basics on how to do something in another language. I think if I ever become really good at a language, I would never do something like that. Another thing to watch out for if you read a book, watch a tutorial from a trusted website (for example: Lynda.com) or another source is even though they instruct you on how to do it. You still have to question the soundness of the code, for even they sometimes don't teach you the best practice on how to do it. You can always improve on their code and in the worse case scenario scrap it. Just my .02 cents.




    Thanks for your comments guys! I appreciate your thoughts. But show a little mercy I am a newbie here. I have already scrapped that file I didn't actually realize it was that bad. I guess I will start learning php MySQL by myself rather than copy and pasting from a online website. Got any advice for me anyone?
  10. #6
  11. Sarcky
    Devshed Supreme Being (6500+ posts)

    Join Date
    Oct 2006
    Location
    Pennsylvania, USA
    Posts
    10,846
    Rep Power
    6351
    The stickies subforum (above the list of threads in the PHP forum) has a number of good threads in it, including the new user guide and the secure login tutorial.
    HEY! YOU! Read the New User Guide and Forum Rules

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin

    "The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002

    Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.

IMN logo majestic logo threadwatch logo seochat tools logo