Installation PHP for Database

Question

I am trying to make an installation file, so that when a user uses my script, they can enter their credentials into a number of forms and it goes and posts that information in the database file etc.

Heres my code for the installation file:

<html>

<head>
    <title>Installation</title>
        <link href="/css/bootstrap.min.css" rel="stylesheet" media="screen">

</head>
    <div class="container">
        <h2>Welcome to McApplicator!</h2>
            <p>Installation is simple. Please follow the instructions below.</p>

            <?php

                        $dbhost = $_POST['database_server'];
                        $dbusername= $_POST['database_user'];
                        $dbpasswd= $_POST['database_password'];
                        $database_name= $_POST['database_name'];  
                        $owner_email = $_POST['owner_email'];


            ?>
    <form action="register.php" method="post" name="" id="">

        <div class="form-group">
                            <label>Database Server</label>
                            <input type="text" class="form-control" name="database_server" value="localhost" />
                        </div>
                        <div class="form-group">
                            <label>Database User</label>
                            <input type="text" class="form-control" name="database_user" />
                        </div>
                        <div class="form-group">
                            <label>Database Password</label>
                            <input type="text" class="form-control" name="database_password" />
                        </div>
                        <div class="form-group">
                            <label>Database Name</label>
                            <input type="text" class="form-control" name="database_name" />
                        </div>

                    <div class="form-group">
                            <label>Owners Email</label>
                            <p class="help-block">e.g: admin@gmail.com</p>
                            <input type="text" class="form-control" name="owner_email" />
                        </div>

                        <div class="form-group">
                            <button type="submit" name="submit" class="btn btn-primary col-lg-4">Install</button>
                        </div>
                    </form>
</html>

and then the db.php file

<? 
/*  Database Information - Required!!  */
/* -- Configure the Variables Below --*/
  $dbhost = $_POST['database_server'];
$dbusername= $_POST['database_user'];
$dbpasswd= $_POST['database_password'];
$database_name= $_POST['database_name'];  

/* Database Stuff, do not modify below this line */

$connection = mysql_pconnect("$dbhost","$dbusername","$dbpasswd") 
    or die ("Couldn't connect to server.");

$db = mysql_select_db("$database_name", $connection)
    or die("Couldn't select database.");
?>

However it says it cannot connect to the database.

Thanks, Mark

I'll note that using `"$dbhost"` is pointless. Just use the variables directly without wrapping it in quotes. — samlev, Oct 12 '15 at 18:59
"cannot connect to the database" isn't one of your error messages. Are you getting "Couldn't connect to server." or "Couldn't select database."? — castis, Oct 12 '15 at 19:00
And as a second note, the `mysql_*` family of functions are depreciated, and should no longer be used. Look into [PDO](http://php.net/manual/en/book.pdo.php). — samlev, Oct 12 '15 at 19:01
[Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — Jay Blanchard, Oct 12 '15 at 19:02
If you can, you should [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really not hard](http://jayblanchard.net/demystifying_php_pdo.html). — Jay Blanchard, Oct 12 '15 at 19:02
You really should use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). — Jay Blanchard, Oct 12 '15 at 19:02
Change your line to :- `$db = mysql_select_db($database_name, $connection)` — Akshay, Oct 12 '15 at 19:04
Add error reporting to the top of your file(s) right after your opening ` — Jay Blanchard, Oct 12 '15 at 19:05

score 1 · Accepted Answer · answered Oct 12 '15 at 21:19

You used that variables as an string. Remove the "" from those variables.

Just replace the $connection variable by following:

$connection = mysql_pconnect($dbhost,$dbusername,$dbpasswd)

And also replace $db variable by following:

$db = mysql_select_db($database_name)

So the whole code is -

$dbhost = $_POST['database_server'];
$dbusername= $_POST['database_user'];
$dbpasswd= $_POST['database_password'];
$database_name= $_POST['database_name'];

/* Database Stuff, do not modify below this line */

$connection = mysql_pconnect($dbhost,$dbusername,$dbpasswd)
or die ("Couldn't connect to server.");

$db = mysql_select_db($database_name)
or die("Couldn't select database.");

Note that mysql_pconnect() and mysql_select_db() functions are deprecated. You can use mysqli_connect() mysqli_select_db() instead of those functions. MySQLi is an improved version.

Use Like this -

    $dbhost = $_POST['database_server'];
    $dbusername= $_POST['database_user'];
    $dbpasswd= $_POST['database_password'];
    $database_name= $_POST['database_name'];

    /* Database Stuff, do not modify below this line */

    $connection = mysqli_connect($dbhost,$dbusername,$dbpasswd)
    or die ("Couldn't connect to server.");

    $db = mysqli_select_db($database_name)
    or die("Couldn't select database.");

Installation PHP for Database

1 Answers1