Question:
How do I use MySQL data in a PHP form without the values displaying in the source code?
Pure Kenergy
2009-12-06 17:34:43 UTC
I am setting up a form that will require a behind the scenes login and password, which I have stored in a MySQL database table. I've got the code to connect to the database, but is there a way to write the MySQL portion so that I can use a tag in the "value=" portion of each line that will pull the data from the database but not display the actual values in the View Source when you look at the source code of the page? I'm right on the cusp of figuring this out, but cannot get it to work and if anyone knows how I can do this I am 100% open to ideas on how to do this, something better, or anything that will help me get this done. I will gladly give 10 points to the best answer.
Three answers:
Robin T
2009-12-06 18:43:52 UTC
Assuming that the website you are logging the user into is located under a different domain, the short answer is you can't do this.



Maybe you should elaborate a bit about what you are trying to do here. If you are simply trying to help user logging in to another website, you shouldn't need to worry about them being able to see their own password. You just need to make sure from within your website, the page that does this auto login is behind SSL, so that the password is encrypted during transfer. Other than that whatever you send to the other website will just be the same as if the user submits the form to the other website themselves.
anonymous
2009-12-06 17:58:04 UTC
The web page should never connect directly with the database, but through an intermediary language (typically PHP.) The HTML form calls the PHP program, which formulates an SQL request that gets passed to the database. The resulting information will come back to PHP, but it only returns to the web page if you choose to include it.



The user cannot see PHP source. They will only see the HTML output of the PHP.



There's no need to report any information you don't want the viewer to see. Of course, if there's information you want displayed, there's no way to avoid that being in the source.



(Well, I can think of some sneaky AJAX tricks, but anything visible to the user will still be visible in the source one way or another.)



If you're worried about the data being transmitted in the clear from the page to the PHP, then you can investigate whether your server supports SSL.
anonymous
2016-04-08 16:09:19 UTC
Yes, you can do that. Save whatever they enter into your database and prepopulate the form when the user returns. Did you have a specific question?


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.
Loading...