Created Tuesday 21 June 2022
Additional resources for going further:
For identity, you will need a few more concepts.
Here is an example of a basic "login" page. The big concept here is "sessions," i.e. how the server "knows" whether you are logged in or out. Note that this DOESN'T store the password safely AT ALL.
Next is password "storage", though of course we never actually store passwords, only their hashes,
and the answer to the below question is a practical example done in a "flat file", i.e. without a database.
Now, most typically you will see PHP paired with MySQL, a type of database. Since people building with PHP are most often working on large and complex services, it makes sense to bear the additional complexity that adding a database brings.
The theory behind including MySQL queries (the commands you send to the database) is simple; the execution, not so much. First, consider how one interacts with a SQL-type database: through relatively "literate" queries, e.g. "SELECT firstname,lastname FROM employees WHERE salary < 50000" is pretty self-explanatory.
The difficulty comes from (1) telling PHP to execute those commands and getting back the results, and (2) doing so SAFELY.
Part 1 wouldn't be so bad if it weren't for part 2, to wit:
Over time, there have been a number of solutions. Presently, best practice is to use "PDO" (which, yes, feels like YET ANOTHER LAYER of abstraction).
Broadly, what this does is called "parameter binding," a fancy way to prevent Bobby Tables et al., i.e. SQL injection: the query text is sent to the database separately from the user-supplied values, so a value can never be parsed as part of the command.
Again, though, if you see examples using things like "MySQLi", these are generally DEPRECATED and shouldn't be used, according to industry.
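Pulling the three concepts above together (sessions, hashed password storage, PDO parameter binding), here is an added example, not code from the original note or from the mahrss repo. The `users` table, its `username`/`password_hash` columns, and the DSN and credentials are assumptions.

```php
<?php
// Added example (not from the original note): session-based login backed by
// MySQL via PDO prepared statements and password_hash()/password_verify().
// Assumed: a `users` table with columns id, username, password_hash.
declare(strict_types=1);
session_start();

// Assumed DSN and credentials; in practice keep them outside the web root.
$pdo = new PDO('mysql:host=127.0.0.1;dbname=app;charset=utf8mb4', 'app_user', 'secret', [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES   => false, // real server-side prepared statements
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);

// Registration: only the hash is stored. password_hash() generates the salt and
// PASSWORD_DEFAULT tracks PHP's currently recommended algorithm (bcrypt today).
function register(PDO $pdo, string $username, string $password): void
{
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => password_hash($password, PASSWORD_DEFAULT)]);
}

// Login: the username is bound as a parameter, never concatenated into the SQL
// text, so quotes or SQL keywords in the input are just bytes to compare.
function login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch();

    // Always run a verify, even for an unknown user, so response time does not
    // reveal which usernames exist.
    $hash = $row['password_hash'] ?? password_hash('dummy', PASSWORD_DEFAULT);
    if ($row === false || !password_verify($password, $hash)) {
        return false;
    }

    session_regenerate_id(true);       // fresh session id on privilege change
    $_SESSION['user_id'] = $row['id']; // this is what "being logged in" means
    return true;
}

function is_logged_in(): bool
{
    return isset($_SESSION['user_id']);
}

function logout(): void
{
    $_SESSION = [];
    session_destroy();
}
```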
https://gitlab.com/jrm4/mahrss (honestly, I'd forgotten about this. Grabbing feeds works, but the login system has an issue?)