Thanks.
Another related question. I know that to connect to a mysql database using
php you use the following statement
$link_id=mysql_connect("hostname","username","password");
My question is if the variable $link_id which is the handle to the database
can persist beyond the web page that create it. I was wondering if this
variable can be a session variable to be reused through the session.
The reason is that the user will be browsing through several web pages each
with a script to perform a particular query of the database. It seems to me
that on every page i would need to use the database connection statement
which means that I have to store the username and password. And you have
help because you have indicated that the session variables are stored on the
server so there is no addtional risk. I wanted to find out if there are any
other solutions besisdes storing the username and password like storing the
database handle $link_id as a session variable. Is this possible?
"Christoph Grottolo" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi Quincy
>
> Session variables are stored on the server, not on the client, so there is
> no additional risk, if you don't send usernames and passwords back to the
> client with your script. But usually you don't need to store
> username/password because you don't need them in the scripts. You just
store
> a variable which confirms that the user already has authenticated (p.e.
> $sess_auth=true;) which you can check in your scripts, and, if you need,
the
> userID.
>
> Maybe you have a look at some ready-to-use auth solutions written in PHP.
> Look at http://www.zend.com/codex.php?CID=341.
>
> Christoph
>
>
>
> "Quincy" <[EMAIL PROTECTED]> schrieb im Newsbeitrag
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> | I want to design a web application using php ,that allows the user to
sign
> | in once into the mysql database and then over the course of several
pages
> to
> | perform several queries on the database using their name and password.
> |
> | My question is how can I do this without asking the user to enter his
> name
> | and password on every page so that a query can be performed on the
> | database.My initial thoughts was to store the user name and password as
> | session variables when the person initial signs in. My concern is if
this
> | safe enough as someone else may be able to access the session variables
> and
> | get the user name and password.
> |
> | Can anyone offer any suggestions on the safest way of accessing a mysql
> | database over several pages using the same user name and password
without
> | asking the user to give this information on every page which needs to
run
> a
> | query on the database.
> |
> |
> |
> |
>
>
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
