  1. #1

    PHP/MySQL confusion

    I have very recently moved from FrontPage to Notepad development of my website in a PHP/HTML combination, and I have a situation that is confusing me to no end and need some guidance, if you please.
    The website in question is live and has been operating successfully for the past three years without SSL but the time has come for higher protection.
    As this site is service driven and not product driven, the client is required to complete a fairly extensive form; a sample of which can be found here:
    mhacorp.com/Custom-Romance-Story-Creations/EPYN-BQ-1329DOTphp
    Secondarily, when the client submits their detail, they MUST be transported to the relative payment page as follows:
    mhacorp.com/Custom-Romance-Story-Creations/EPYN-BQ-1329-oeDOTphp

    With the SSL in place, it shows insecure (of course) so now I need to go through the database and here is the rub!
    1) I thought php could deliver this form directly into the mysql (which is already set up) but I am finding a lot of scripts that are supposed to handle this through the cgi-bin and I have no idea which is correct.

    2) Due to the need to transport the client to the proper page, I am now uncertain whether normal conventions that are used in "email" delivery apply as well as setting out the parameters for what fields MUST be completed.

    3) As far as recovering the data once it is entered, I have access to the PHPMyAdmin on the server so I can export it directly from there so I don't see a problem in that.

    Any guidance that you might give me is appreciated. I could have someone do this for me but I really prefer to understand what is going on and the basics before I start turning things over to others.

    Many thanks
    DO

  2. #2
    Dan Grossman
    First, SSL and the database questions are not related. SSL only encrypts the HTTP connection between the web server and the browser. Whatever you do as far as the database will be the same with or without SSL.

    You don't actually need SSL since you're not collecting any payment information on your site. You're redirecting them to the PayPal website for that, which is protected by SSL.

    1) Yes, PHP can process your form and insert it into the database. Look for PHP form processing tutorials, and tutorials on inserting data into a database. SitePoint publishes several books which cover this, such as "Build Your Own Database Driven Website With PHP & MySQL".

    2) What do redirecting or validating fields have to do with email delivery?

  3. #3
    Quote: You don't actually need SSL since you're not collecting any payment information on your site. You're redirecting them to the PayPal website for that, which is protected by SSL.
    I completely agree that we do not need SSL but like many things in life, perception goes a long way and the more comfortable and secure our guests feel, the closer we get to doing our best for them.

    Quote: Yes, PHP can process your form and insert it into the database. Look for PHP form processing tutorials, and tutorials on inserting data into a database. SitePoint publishes several books which cover this, such as "Build Your Own Database Driven Website With PHP & MySQL".
    I have quickly reviewed the titles from SitePoint and will be commencing a library very shortly.

    Quote: What do redirecting or validating fields have to do with email delivery?
    When setting up an email form we can use hidden fields:
    Code:
    <input type="hidden" name="required" value="email,name,birth" />
    <input type="hidden" name="redirect" value=".....Y-AF-0196-oe..." />
    My question simply asked whether these form qualities were also available to a form being sent to a db rather than processed through email.

    Thank you for taking the time to answer.

    DO

  4. #4
    molona
    Well, the requirements are completely different if you are sending the data collected in your form by e-mail or to a database. Therefore, the scripts are not the same.

    When you send it to a database, no field is really mandatory, unless you want to make it that way simply because it is information you want to keep.

    As an example, you will want to keep the name and last name of the person that purchased from you, and the date the purchase was done. Maybe, you want the e-mail address to send an e-mail confirming the purchase. It is up to you.

    The only mandatory fields will be the ones that you need to pass to PayPal (that is, reference of the purchase, amount, currency and the like).

  5. #5
    Quote: Originally Posted by Diversions
    I have very recently moved from frontpage to notepad development
    At least use something that colors the code.

    Quote: 1) I thought php could deliver this form directly into the mysql (which is already set up) but I am finding a lot of scripts that are supposed to handle this through the cgi-bin and I have no idea which is correct.
    There are scripts in different languages. Perl is typically run in the CGI-BIN, but not PHP.

    Quote: 2) Due to the need to transport the client to the proper page, I am now uncertain whether normal conventions that are used in "email" delivery apply as well as setting out the parameters for what fields MUST be completed.
    As always, as few as possible to make the submission work/useful. As a note, you should use JavaScript validation for the user as well as backside validation for security.

    Quote: 3) As far as recovering the data once it is entered, I have access to the PHPMyAdmin on the server so I can export it directly from there so I don't see a problem in that.
    Never trust the user's data.

    Use mysql_escape_string() to protect the database on posted data.

    If you expect a number, validate for a number, etc..
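
Added example, not part of the thread or any poster's code: server-side handling for a form like the one discussed in posts #3 and #5, with the required-field list and the post-submit destination fixed in PHP instead of read from hidden `required`/`redirect` inputs (which the browser can alter), and PDO bound parameters used in place of `mysql_escape_string()` (the `mysql_*` functions were removed in PHP 7). The field names come from post #3; `PAYMENT_PAGE`, the `orders` table, the sample submissions and the in-memory SQLite database are assumptions made so the script runs offline.

```php
<?php
// Required fields and the next page are fixed server-side; hidden inputs
// such as "required" or "redirect" are client-controlled and are ignored.
const REQUIRED_FIELDS = ['name', 'email', 'birth'];
const PAYMENT_PAGE = '/payment.php'; // hypothetical path

function validate_submission(array $post): array
{
    $clean = $errors = [];
    foreach (REQUIRED_FIELDS as $field) {
        $value = $post[$field] ?? '';
        $clean[$field] = is_string($value) ? trim($value) : '';
        if ($clean[$field] === '') {
            $errors[$field] = 'required';
        }
    }
    if (!isset($errors['email']) && !filter_var($clean['email'], FILTER_VALIDATE_EMAIL)) {
        $errors['email'] = 'invalid email';
    }
    if (!isset($errors['birth'])) {
        $d = DateTime::createFromFormat('!Y-m-d', $clean['birth']);
        if (!$d || $d->format('Y-m-d') !== $clean['birth']) {
            $errors['birth'] = 'expected YYYY-MM-DD';
        }
    }
    return [$clean, $errors];
}

function store_submission(PDO $db, array $clean): void
{
    // Bound parameters keep posted values out of the SQL text.
    $db->prepare('INSERT INTO orders (name, email, birth) VALUES (:name, :email, :birth)')
       ->execute($clean);
}
// Demo on in-memory SQLite so it runs offline; a live site would use a mysql: DSN.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE orders (name TEXT, email TEXT, birth TEXT)'); // hypothetical table
$samples = [ // constructed submissions
    ['name' => "Anne O'Hara", 'email' => 'anne@example.com', 'birth' => '1980-02-29', 'redirect' => 'https://other.example/'],
    ['name' => '', 'email' => 'not-an-address', 'birth' => '12/31/80'],
];
foreach ($samples as $post) {
    [$clean, $errors] = validate_submission($post);
    if ($errors) { echo 'rejected: ', json_encode($errors), "\n"; continue; }
    store_submission($db, $clean);
    echo 'stored; next header would be Location: ', PAYMENT_PAGE, "\n";
}
echo $db->query('SELECT COUNT(*) FROM orders')->fetchColumn(), " row(s) stored\n";
```

The first constructed submission carries a `redirect` value and an apostrophe in the name; the redirect is never read and the apostrophe reaches the table intact because it travels as a bound parameter.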

