Question:

I need to secure my PHP application. Anyone may view the database information (without logging in); only authenticated users may modify the database. I need to challenge such users for their credentials (username and password). I want to use a strong one-way hashing algorithm to encrypt the password and then compare the encrypted string with the data in a users table. Then store the authenticated username in the session to indicate that the user has been validated. So I would need to create a registration page to add new administrators.

Here's my code:

Index.php

CRUD

  • Create
  • Read
  • Update
  • Delete

insert.php

Name:
Sex:
DOB:

select.php

Name Sex DOB ";

while ($row = mysqli_fetch_assoc($result)) {
    echo "";
    echo "" . $row['name'] . "";
    echo "" . $row['gender'] . "";
    echo "" . $row['dob'] . "";
    echo "";
}
echo "";

mysqli_close($con); ?>

delete.php

Enter the name of the person to delete.

Name:

update.php

Enter the name of the person to update.

Name:

do_update.php

$conn = mysqli_connect($servername, $username, $password, $dbname);
$sql = "UPDATE Person SET dob='$_REQUEST[dob]', gender='$_REQUEST[sex]' WHERE id='$_REQUEST[id]'";
mysqli_query($conn, $sql);
mysqli_close($conn);

header("location:index.php"); ?>

do_insert.php

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$sql = "INSERT INTO Person (name, gender, dob) VALUES ('$_POST[name]','$_POST[gender]','$_POST[dob]')";
$conn->query($sql);

$conn->close();

header("location:index.php"); ?>

do_delete.php

try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    // set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // sql to delete a record
    $sql = "DELETE FROM Person WHERE name='$_REQUEST[firstname]'";

    // use exec() because no results are returned
    $conn->exec($sql);
    echo "Record deleted successfully";
} catch (PDOException $e) {
    die($e->getMessage());
}

$conn = null;
?>
Main menu

display_for_update.php

// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}

$sql = "SELECT * FROM Person where name = '" . $_REQUEST['firstname'] . "'";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);

if ($row) { ?>


Sex:
DOB:

mysqli_close($conn); ?>
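
The flow the question describes (registration, credential check against a users table, username kept in the session, writes refused without a login), as an added example that is not the asker's code and not an answer from this page. The `users` table, its columns and the function names are assumptions, and an in-memory SQLite database (requires the pdo_sqlite extension) stands in for the MySQL server so the script runs offline.

```php
<?php
// Added example, not the asker's code. The users table, its columns and the function
// names are assumptions; in-memory SQLite stands in for the page's MySQL database.
session_start();

function open_db(): PDO {
    $pdo = new PDO('sqlite::memory:'); // for MySQL use a "mysql:host=...;dbname=..." DSN
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $pdo->exec('CREATE TABLE Person (id INTEGER PRIMARY KEY, name TEXT, gender TEXT, dob TEXT)');
    return $pdo;
}

// Registration: store only a salted one-way hash, never the password itself.
function register_admin(PDO $pdo, string $username, string $password): void {
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

// Login: fetch the stored hash with a bound parameter and let password_verify() compare.
function attempt_login(PDO $pdo, string $username, string $password): bool {
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);       // new session id once the user is authenticated
    $_SESSION['username'] = $username; // marks this session as validated
    return true;
}

// Delete as in do_delete.php, but refused without a login; select.php stays public.
function delete_person(PDO $pdo, string $name): int {
    if (empty($_SESSION['username'])) {
        throw new RuntimeException('Login required');
    }
    $stmt = $pdo->prepare('DELETE FROM Person WHERE name = ?'); // bound, not interpolated
    $stmt->execute([$name]);
    return $stmt->rowCount();
}

// Constructed sample data; output is printed last so the session calls run first.
$pdo = open_db();
$pdo->prepare('INSERT INTO Person (name, gender, dob) VALUES (?, ?, ?)')
    ->execute(["O'Brien", 'M', '1990-01-01']);
register_admin($pdo, 'admin', 'constructed-sample-passphrase');
$rejected = attempt_login($pdo, 'admin', 'wrong-password');
$accepted = attempt_login($pdo, 'admin', 'constructed-sample-passphrase');
var_dump($rejected, $accepted, delete_person($pdo, "O'Brien"));
```

The sample name contains an apostrophe on purpose: with bound parameters it is handled as data, whereas the string-built queries in the question would break on it.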
