Thank you Henning but I'd like to go deeper into detail.
What you've said is OK, but then I will have to create a real database-user for each user. I'd like to know how safe this is, cause I am unsure what possibilities this gives to each of the users. On the other hand, if I would create one database user that reads from the database a table (normal table) with all users and passwords, then the check if user-password matches would give the user access to the next website. If a user now wants to select data from the database it would be done with that one user (cause there is no real user for euch user) which is also in my eyes an unsafe solution, cause everyone is the same sql-user. what is the common guideline to realize this? There must be some kind of normal procedure, or isn't? Any hints for an online-manual regarding security aspects? dcp Henning Olsen wrote: > If the users dont have access via ftp to your htm-doc's but only see > the result in browser, you have no problems in having the > MySQL-password in the php-section of the login-doc. > > The users will never see the php-part of the doc, because it's a > server-side part and will only produce the html-code you want it to > produce. > > If your users have ftp-access to docs, you have a problem. > Yours > Henning > > Dennis Peyerl wrote: > >> Hello >> >> I want to realize the following thing: >> A user shall be able to connect through a php-website into mysql. I >> have a form with to input types (standard html). The two input types >> are text and password. >> I don't know how to use that, to log a user in. Do I have to create a >> special table for all the users and then compare the two entries with >> the appropriate inside my table (for that I would need a special user >> taht connects to mysql, just to look if users exist and passwords >> match)? >> Or do I have to create a lot of database-users and the php-script >> (e.g mysql_pconnect) uses the entries from the form? >> >> I don't know what is safe. I would like to get a good document that I >> can read about that. >> Thanks in advance >> >> dcp >> >> >> >> --------------------------------------------------------------------- >> Before posting, please check: >> http://www.mysql.com/manual.php (the manual) >> http://lists.mysql.com/ (the list archive) >> >> To request this thread, e-mail <[EMAIL PROTECTED]> >> To unsubscribe, e-mail >> <[EMAIL PROTECTED]> >> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php >> >> > > > > --------------------------------------------------------------------- > Before posting, please check: > http://www.mysql.com/manual.php (the manual) > http://lists.mysql.com/ (the list archive) > > To request this thread, e-mail <[EMAIL PROTECTED]> > To unsubscribe, e-mail > <[EMAIL PROTECTED]> > Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php > > > --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
