Well I don't want people accessing our database at all. I want it as secure as possible. Would the closed SQL be hard and would the program we've just written now be useless? thank you again man
Yes... the code we just wrote in Lazarus can't be used in PHP. (there are some implementations of pascal for webpages I think but going with full-PHP would be more practicle)
It's not entirely in the scope of this forum (because it is mainly for Freepascal/Lazarus) but I hope a may make an exception so here is some PHP-code I come up with.
You could save this on any Website (with PHP and MySQL installed) and call it like this (resed.nl is a temp-site I used to upload this example):
http://www.resed.nl/check_user.php?username=mememe&password=thiswontwork(will give you "Incorrect")
http://www.resed.nl/check_user.php?username=test&password=0(will give you "Correct")
I used your database at freemysqlhosting but of course with your own implementation you should use a closed MySQL-database at a provider where you can set this webpage.
<html>
<body>
<?php
$old=error_reporting(E_ALL);
ini_set('display_errors', '1');
$sql="select * from users where username=:username and password=:password";
$databasename="sql561707";
$databasehost="sql5.freemysqlhosting.net";
$databaseuser="sql561707";
$databasepass="dX3%eP3!";
try {
$pdo = new PDO("mysql:host=$databasehost;dbname=$databasename", $databaseuser, $databasepass);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$query = $pdo->prepare($sql);
$query->bindParam("username", $_GET["username"]);
$query->bindParam("password", $_GET["password"]);
$query->execute();
}
catch(exception $e) {
echo 'Exception -> ';
var_dump($e->getMessage());
exit();
}
if ($query->rowCount() > 0) {
print("Correct");
} else {
print("Incorrect");
}
?>
</body>
</html>
It would be even more secure if you set the lines:
$databasename="sql561707";
$databasehost="sql5.freemysqlhosting.net";
$databaseuser="sql561707";
$databasepass="dX3%eP3!";
in a separate file "database.inc" in the private directory on your website and replace it in the code with:
include('/private/database.inc');
That way, when there is a problem with the PHP and if for some reason the PHP is shown (which it never should under normal circumstances) the database-details are not in the PHP but in an include-file which is never shown.
That's as secure as you can get.
Now all you need to do is implement the calling of this website in your project and read the result and check if it is Correct of Incorrect.