MySQL writing to "users"

Hi,

I'm using AnyDAC.

(on the DAConnection, ive preset my dedicated server, port and database name )

Im looking for a way how to write 4 fields into the MySQL database, under users.

username
password
hint

The delphi registration for will look like, 3 EDIT.TEXTS and a drop down menu.

They will enter a username, password then select from a drop down menu 5 options for exmaple
(what's my dogs name, What is my first school ect.. ) and then finally the last edit.text will be the field he will enter his HINT in (incase he forgets his password )..


EDIT1.TEXT
EDIT2.TEXT
COMBOBOX
EDIT3.TEXT


Then REGISTER button.


=================

Im sorry if im asking alot, but once i understand and have this to work with, i beliee i can learn so damn much. I find it better for me to have thw working example infront of me to trial and error, rather than reading and understand. i learn much more.

I hope ive been clear.


Example below:

[img] http://img541.imageshack.us/img541/4412/register.jpg [/img]
966Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
CodedKConnect With a Mentor Commented:
Method

1) Select   <- Example down below...
2) Insert   <- From previous post...
3) Select  <- From the example code below do exact the same to select the user (matching the edit box) now it will find him. Now that the number Temp=1 show message SUCCESS and show form2.



procedure TForm1.Button1Click(Sender: TObject);
var
  QueryStr: String;
  Temp: Integer;
begin
  //Validity check..
  Screen.Cursor := crHourglass;
  if ( (username.Text='') or (password.Text='') or (answerinfo.Text='') )
  then ShowMessage('Please fill the edit boxes...') else
  begin


 //Count usernames that match the one given.
  QueryStr := 
  'SELECT Count(USR.username) FROM mytable_X.users USR where username='+ Trim(username.Text);

  AdQuery1.SQL.Clear;
  AdQuery1.SQL.Add(queryStr);
  Screen.Cursor := crHourglass;
  Temp:=0;
  try
   AdQuery1.Open;
   while not AdQuery1.Eof do
   begin
     Temp:=AdQuery1.Fields[0].AsInteger;
     AdQuery1.Next;
   end;
  finally
    AdQuery1.Close;
    Screen.Cursor := crDefault;
  end;

  If (Temp>0) //then we found one that has the same username...
  then Showmessage('This username is allready taken')

  
  ELSE

  BEGIN
  
  ///YOUR previous code here to insert the values...

  END;



end;



//Again i just wrote this ... Didnt have time to check but it should work fine...

Open in new window

0
 
Mahdi78Commented:
For security reason i suggest you to let users register via your PHP server.

USER -------> PHP Server --------> MySQL Database
0
 
966Author Commented:
what security issues , because i believe in php has greater threat, as my rootpass and database is stored inside the component itself, and if my client is to be reverse engineerd, its impossible to get passwords.

all they do is send and register, after that feilds are cleared.
Thanks for your concearns and i dont want to sound ungreatful or rude, but can we keep this to the topic, as i really need a answer on this one mate.
0
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

 
966Author Commented:
if its too confusing with the drop menu ect, please leave that and just do username and pass and security secret word to be registerd.
0
 
966Author Commented:
Im just having a pop in the dark here:

ADConnection1.Params.insertintotable['test1']:= Edit1.Text;

the table is called test1

something like this? I know its obviously wrong.. but any help ?
0
 
Mahdi78Commented:
When user register, he need to use Database, so he need to connect with Database username and password
it is not secure to put database username and password in your Delphi application (User client)
0
 
CodedKCommented:
Hi 966.

To the point...



procedure TForm1.Button1Click(Sender: TObject);
var
  QueryStr: String;
begin
  //Validity check..
  Screen.Cursor := crHourglass;
  if ( (Edit1.Text='') or (Edit2.Text='') or (Edit3.Text='') )
  then ShowMessage('Please fill the edit boxes...') else
  begin
  try

      QueryStr:= 'INSERT INTO NAME_OF_YOUR_DATABASE.users '+
      '(username, password, question, answer) VALUES '+
      '("'
      + Trim(Edit1.Text) +'","'
      + Trim(Edit2.Text) +'","'
      + ComboBox1.Text +'","'
      + Trim(Edit3.Text)
      +'")';

      AdQuery1.SQL.Clear;
      AdQuery1.Fields.Clear;
      AdQuery1.SQL.Add(QueryStr);
      ADQuery1.ExecSQL;

    except ShowMessage('An error occured SQL! Application could not insert the values!');
    end;

  end;
end;



Now you should have the database ready in your server.

About the thing Mahdi78 said.
Generally its not a good thing to store passwords in your application.
Its not forbidden though if you follow some steps to protect your application.
BUT this is a thing that we will discuss in another question once you've completed your app and its ready to sail.

I wrote that without testing but i think its pretty strait forward and i don't have any mistakes.
If you have any questions just ask.

CodedK
0
 
CodedKCommented:
And to return to the user put a
Screen.Cursor := crDefault;
when you are done.
0
 
Mahdi78Commented:
@966
It is not secure to put username and password of database in Client application, because any-user can monitoring data between User Form (Client Application) and Database server,
Better way, we use PHP server as intermediate between Client application and Database server, there (PHP server) where we put username and password Database, data will be transferred by the following way

Client Application (username, password ... data of user) ---------> PHP Server (username, password ... data of user and username and password of Database) -----------> Database Server
0
 
966Author Commented:
Thanks for the answer codek. I tried to compile got a few errors. But like you said, its untested.

Just a thought, will i need to drop a ADCONNECTION and setit to my IP again?

the error it gave is:

connection and connection name value are both empty. Connection is not defined.

Regarding security, yeah ill make another topic about it once we sort this out mate, for sure.
0
 
966Author Commented:
dont it matie.

thanks very mate.

Now, how would it say, registration complete? if all fields have been registered ?
0
 
CodedKCommented:
With the same principal .
Instead of doing an "insert" query do a "select" query and see if the database has the username = editbox1.
And all the other info.
I am at the job right now i will prepare an example when i find the time.
0
 
966Author Commented:
Ok, in your own time, ill prepare a topic about security in a while, after i sort some things out. Thankyou.
0
 
966Author Commented:
ive had a bit play around with it, but some errors.

It connects to SQL, writes my entries into the fields, but, id like it to check if the username is not already registered.

If the username is already in my database showmessage 'already taken' and dont write anything to sql.

also, after registration is successful, it closes the form and opens form2.
(so the user cant go back and write multiple entries.)
0
 
966Author Commented:
This is my working code for writing to SQL, so if you can modify this so im not confused if thats okay?

procedure TForm1.Button1Click(Sender: TObject);
var
  QueryStr: String;
begin
  //Validity check..
  Screen.Cursor := crHourglass;
  if ( (username.Text='') or (password.Text='') or (answerinfo.Text='') )
  then ShowMessage('Please fill the edit boxes...') else
  begin
  try

      QueryStr:= 'INSERT INTO mytable_x.users '+
      '(username, password, question, answer) VALUES '+
      '("'
      + Trim(username.Text) +'","'
      + Trim(password.Text) +'","'
      + ComboBox1.Text +'","'
      + Trim(answerinfo.Text)
      +'")';

      AdQuery1.SQL.Clear; 
      AdQuery1.Fields.Clear;
      AdQuery1.SQL.Add(QueryStr);
      ADQuery1.ExecSQL;
      
    except ShowMessage('An error occured SQL! Application could not insert the values!');

    end;

  end;
end;

Open in new window

0
 
966Author Commented:
first class !!
0
All Courses

From novice to tech pro — start learning today.