0

I am using VMWARE and done install LAMP server on it. I've create two UBUNTU vm's. One is for system and another one is for database. The insert database in PHP program system should insert in another vm which is specifically for database. I've already make a connection between two vm's using SSH and grant privileges method.

VM 1= For PHP system, VM 2= For database that PHP data should insert.

This is signup system. I've already created database name as 'authentication' and table as 'users' with name and password in the table. 

<?php
 session_start();
 $db = mysqli_connect("192.168.117.129","root","abc","authentication"); //ip for vm2

 if (isset($_POST['signup_btn'])) {

     $name = mysql_real_escape_string($_POST['name']);
     $password = mysql_real_escape_string($_POST['password']);
     $rePassword = mysql_real_escape_string($_POST['rePassword']);

     if ($password == $rePassword) {
         $password = md5($rePassword);
         $sql = "INSERT INTO users(name, password) VALUES('$name', '$password')";
         mysqli_query($db,$sql);

         $_SESSION['name'] = $name;

         header("location: login.php");
         exit;
     }else{
         $_SESSION['message'] = "The two passwords do not match";
     }
 }?>

The problem is, when I insert the data in the system, it's unable to connect with mysql database. What should I do?

JNevill
  • 46,980
  • 4
  • 38
  • 63
Little Potato
  • 65
  • 1
  • 10
  • First thing you should do is include the exact error message you're seeing, verbatim. – erik258 Dec 22 '17 at 15:36
  • There's no error. Just it's unable to connect with mysql database. Means the data from the system not insert in the database. – Little Potato Dec 22 '17 at 15:38
  • You need to create a `mysql` user in your database server and point that user to your aplication server....like `CREATE USER 'youchooseanusername'@'ipofthevm1machine' IDENTIFIED BY 'yourpassword';` – Hackerman Dec 22 '17 at 15:39
  • What makes you think it's unable to connect if there's no error? – erik258 Dec 22 '17 at 15:40
  • what used of these? because I've done it multiple times and I couldn't understand what should I do next. Sorry I'm just a student and a beginner. This is my project and I should submit this tomorrow. – Little Potato Dec 22 '17 at 15:44
  • 1
    Possible duplicate of [Can I mix MySQL APIs in PHP?](https://stackoverflow.com/questions/17498216/can-i-mix-mysql-apis-in-php) – aynber Dec 22 '17 at 15:44
  • 1
    You are wide open for SQL injection. Since you're using mysqli, take advantage of [prepared statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [bind_param](http://php.net/manual/en/mysqli-stmt.bind-param.php). **This will take care of any pesky quoting issues that may occur.** – aynber Dec 22 '17 at 15:45
  • @Hackerman ^^^^ – Little Potato Dec 22 '17 at 15:45
  • MySQL queries tend to fail silently. Make sure you're checking for [mysqli errors](http://php.net/manual/en/mysqli.error.php) along the way to make sure the queries work like they should. – aynber Dec 22 '17 at 15:45
  • @LittlePotato glad to help pal! – Hackerman Dec 22 '17 at 15:47
  • @aynber so should I change **$db** to **$mysqli** ? – Little Potato Dec 22 '17 at 15:51
  • please add `if (mysqli_connect_error()) { echo mysqli_connect_error(); }` to print the error after the connection – Liora Haydont Dec 22 '17 at 15:54
  • @Hackerman what should I do after I create the mysql user? – Little Potato Dec 22 '17 at 15:54
  • You need to grant privileges on that user over your database...look for the grant privileges command on google – Hackerman Dec 22 '17 at 15:57
  • No, the variable name is fine. But `mysql_real_escape_string` won't work with mysqli. The `real_escape_string` functions shouldn't be used anyway since they aren't as secure as one might think. Using prepared statements to bypass quoting the variables is much more secure. – aynber Dec 22 '17 at 15:58

0 Answers0