Saturday, June 25, 2011

PHP: when a ' is put into the text box

So I've just created a simple PHP script today that allows me to add species information about frogs into a database. Most of the information that I used was sourced from other material and contained all types of characters. It was only later that I found that MySQL does not successfully submit data to the database if particular characters are used. This is often described as a security measure where hackers can enter <script> or something of that nature into the text box, and the computer will then execute it. Not really what you want.

After scouring the net for a while, and watching all of these awesome PHP videos, I found the PHP function mysql_real_escape_string() which escapes any characters which may have been entered into the field that you want to show up as regular text. This includes escaping the ' character which I'm sure many people use when describing the 'nature' of something.

In the example below, I have used POST to send text input by the user to the $_POST variable. Once the submit button is pressed, the user is redirected and the data can then be picked up again by $_POST['text_input_name'] and assigned to a variable. What must be added is the mysql_real_escape_string() function, which sort of modifies the input text. So instead of just using:
$identification=$_POST['identification'];

You can get around the problem using:
$identification=mysql_real_escape_string($_POST['identification']);

Lastly, when you go to INSERT the escaped input into your database, you need to add some extra characters, not entirely sure why. Instead of just your '$variable' wrapped in single quotes, you need to add a double quote on either end as well as a full stop. So that when you INSERT INTO your table, the PHP script will look something like this:
$query="INSERT INTO your_table (identification) VALUES ('".$identification."')";
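
The same insert written with a PDO prepared statement, as an added example that is not from the original post. mysql_real_escape_string() was removed in PHP 7.0, and escaping for SQL does nothing about <script> reaching a browser, so HTML escaping is done separately at output. The table name frogs, the sample inputs and the in-memory SQLite database (used so the script runs without a MySQL server) are assumptions.

```php
<?php
// Added example, not the original post's code. Assumed names: table "frogs",
// helper functions save_identification() and render_row().
// SQLite in memory keeps this runnable offline; for MySQL use a DSN such as
// 'mysql:host=localhost;dbname=YOUR_DB;charset=utf8mb4' plus credentials.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE frogs (id INTEGER PRIMARY KEY, identification TEXT)');

// Constructed stand-ins for $_POST['identification'].
$inputs = [
    "Known for the 'barking' call it makes after rain",
    "<script>alert('frog')</script>",
];

function save_identification(PDO $pdo, string $text): int
{
    // The ? placeholder sends the value separately from the SQL text,
    // so no escaping function and no quote juggling is needed.
    $stmt = $pdo->prepare('INSERT INTO frogs (identification) VALUES (?)');
    $stmt->execute([$text]);
    return (int) $pdo->lastInsertId();
}

function render_row(string $text): string
{
    // HTML escaping is a separate concern, applied when the value is shown.
    return '<li>' . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . '</li>';
}

foreach ($inputs as $text) {
    save_identification($pdo, $text);
}

// The database holds exactly what was submitted; only the HTML output
// is encoded, so the <script> text is displayed instead of executed.
foreach ($pdo->query('SELECT identification FROM frogs ORDER BY id') as $row) {
    echo render_row($row['identification']), PHP_EOL;
}
```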

This is no doubt one of many PHP functions which I am yet to learn. But this will solve many problems in the near future, I'm sure. If I remember, I will add the Frog database link for all to browse :D.

Until next time, adios!

Tuesday, June 21, 2011

Post #1: Setting up my LAMP

Not a desk lamp silly, a Linux-Apache-MySQL-PHP server! Feeling a bit crook so have decided to limit myself to light duties: set up my LAMP server. I've already installed Apache and it appears to be running smoothly. There need to be better ways to organize notes and journal articles that I have read such that I don't read them again and such that I don't read them again and such that I don't read them again. The answer: PHP and MySQL! While at the minute I only know how to echo/print data to the browser, it is suggestive that I should be able to search databases stored on my server, and output the relevant information to a browser.

So the journey begins. This blog will be an installment of posts regarding web design techniques that I implement over the coming months/years.

Install LAMP
So as per the Ubuntu Docs above, I checked my distro:
Linux 2.6.38-8-generic-pae #42-Ubuntu
Apache2 is installed. Next, install MySQL with PHP5:
sudo apt-get install mysql-server libapache2-mod-auth-mysql php5-mysql
Everything was already installed. :D Gotta love server edition!

PHP memory allowance
Ubuntu suggests increasing the maximum amount of memory that PHP uses when executing scripts. I increased mine from 128 -> 256M. Locate memory_limit and change:
sudo nano /etc/php5/apache2/php.ini

MySQL bind address
Needs to be changed if accessing the database from other computers on the network. So yes, needs to be done. Access /etc/mysql/my.cnf, and change bind-address to the IP address of the computer which will be accessing:
sudo nano /etc/mysql/my.cnf
Remember, when using nano, Ctrl + W is the keyboard shortcut for search.

phpmyadmin -> the GUI
So rather than using the CLI for doing mundane tasks, take advantage of the browser. That's where I want to send all my searches in the future anyway. Install phpmyadmin.
sudo apt-get install phpmyadmin
A thing came up about dbconfig-common and after a quick search, I just pressed "Yes".

Test PHP status
Yep, so PHP is working. Created a simple file, testphp.php, in the root directory of my webserver and then pointed my browser there. Voilà! Info about the variables of the PHP installation. It even shows the correct memory_limit that I set earlier.

So at this stage, I'm hoping that I haven't done anything around the wrong way. It appears that I haven't.

Just spent about 20mins trying to figure out where the phpmyadmin site was...turns out I forgot to edit apache2.conf. Add...
Include /etc/phpmyadmin/apache.conf
...to the bottom of /etc/apache2/apache2.conf, restart Apache and then point your browser to yourdomain/phpmyadmin. Beautiful!

Right. Now to teach myself some PHP stuff! I see the light at the end of the tunnel, I just can't make out the distance to it.