php page can't load MySQL's database

Question

Hi

I'm having some problems while trying to connect a .php with mysql. here's the connection.php code

<?php
$db_host =$_POST['localhost'];
$db_user =$_POST['root'];
$db_password = "";
$db_name = "prtcl";
?>

and this is the page where I actually use the connection

<?
include("connection.php"); 
?>

...

<?php
$db = mysql_connect($db_host, $db_user, $db_password);
        mysql_select_db($db_name, $db);
            if (!$db)
              {
              die('Could not connect: ' . mysql_error());
              }
mysql_close($db);             
?>

<body>

...

that's what I get when I try to load it ( line 29 is this one:

$db = mysql_connect($db_host, $db_user, $db_password);

)

Notice: Undefined variable: db_host in C:\Program Files (x86)\EasyPHP-5.3.2\www\prtcl\index.php on line 29

Notice: Undefined variable: db_user in C:\Program Files (x86)\EasyPHP-5.3.2\www\prtcl\index.php on line 29

Notice: Undefined variable: db_password in C:\Program Files (x86)\EasyPHP-5.3.2\www\prtcl\index.php on line 29

Warning: mysql_connect() [function.mysql-connect]: [2002] A connection attempt failed because the connected party did not (trying to connect via tcp://localhost:3306) in C:\Program Files (x86)\EasyPHP-5.3.2\www\prtcl\index.php on line 29

Warning: mysql_connect() [function.mysql-connect]: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. in C:\Program Files (x86)\EasyPHP-5.3.2\www\prtcl\index.php on line 29

Fatal error: Maximum execution time of 30 seconds exceeded in C:\Program Files (x86)\EasyPHP-5.3.2\www\prtcl\index.php on line 29

as you can see I'm using EasyPHP and, since this very code used to work before (with a different db, while using manually configured apache/mysql), may be that the reason? Other infos: I made the db using phpmyadmin and I have win7

thank you

Answer 1

I would find out why the $db_host variable is not getting defined. That might be a problem with your form input. Check to see that the name of that input field really is 'localhost'. Also, as Mark Baker mentioned above, you really want to do some input cleansing to guard against sql injection attacks. Plus, is there any reason you can't hardcode the db host info into a configuration file?

Answer 2

Don't ever take your db credentials from $_POST without validation. This is such a terrible idea and this is what's causing your errors, as these keys are not being defined in $_POST, but they could be and the results could be disastrous!

try putting this in connect.php

$db_host = "localhost";
$db_user = "root";
$db_password = "";
$db_name = "prtcl";

$db = mysql_connect($db_host, $db_user, $db_password);
mysql_select_db($db_name, $db);
if(!$db) {
    die('Could not connect: ' . mysql_error());
}

then in your other pages use:

require_once("path/to/connect.php");

// ... whatever else you do on this page...