$mysqlhost = "localhost";
$user = "username";
$pass = "password";
$site_db = "database name";

$connection = mysql_connect($mysqlhost, $user, $pass) or die(mysql_error());
mysql_select_db($site_db, $connection);

 

Well, I am a new PHP developer and the above code is just my way of connecting to the database. I am shifting to OOP and I want a secured kind of connection.... Can you help me with how to do this, or at least give me an idea of what to consider for a good database connection?

Thank you guys!


That way of connecting is fine. A more critical part of securing your MySQL code is to be SQL injection proof. Also, if you are handling personal information, you should consider using SSL.

 

Good luck connecting to MySQL over SSL, considering that SSL has nothing to do with databases.

Well, instead of being jerks, how about we actually answer his question?

 

You could use the Improved MySQL extension (mysqli) in its OOP form, which is easier, less error-prone, and can potentially be securer (due to prepared statements).

If you are worried about someone connecting to your database with your credentials, you could include a file from within your server (not in the html folder) with your login details in that. That's depending on if you have access to that kind of root folder.

Also, DarkWater, nobody here is being a jerk, I was just stating that you should have read that with a little more detail before posting something useless.


Sorry, BillyBoB, I wasn't talking about you.  I was talking about Blade's ridiculously jerk-y sarcasm.  I already typed my post out before you posted and then just clicked Post without reading your post.

More secure:

 

1. Give the connecting user a limited amount of actions: SELECT, DELETE, INSERT, UPDATE

- or make 4 different users each only having one action, that way you can not DELETE with a user who can only SELECT

2. Give the connecting user a very hard/complicated password: kjdu43jm34&3%$dfj

3. Place the database connection file outside of the root web folder, so it can not be accessed through http(s)

Jeez, if this connection is ok then thank you for the replies, well I am just worried about SQL injections.....

Well, Billybob, there is a connection with OOP 'cause maybe there are users that have suggestions on how to connect to the DB, the OOP way.

 

Thank you for the serious replies!
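
The suggestions made in this thread (mysqli in its OOP form, prepared statements, a restricted MySQL account, credentials kept outside the web root, optional SSL) combined in one class. This is an added example, not code from any poster in the thread; the config path, the `app_rw` account, the `users` table and the `Database` class name are assumptions.

```php
<?php
// Added example. Assumed layout: /var/www/private/db-config.php sits outside
// the web root and returns an array such as
//   ['host' => 'localhost', 'user' => 'app_rw', 'pass' => '...',
//    'name' => 'site_db', 'ssl_ca' => null]
// where app_rw is a MySQL account granted only SELECT/INSERT/UPDATE/DELETE.

final class Database
{
    private mysqli $db;

    public function __construct(string $configPath)
    {
        $cfg = require $configPath;   // credentials never live under the web root

        // Throw mysqli_sql_exception instead of die(mysql_error()), so errors
        // can be logged server-side rather than echoed to the visitor.
        mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

        $this->db = mysqli_init();
        $flags = 0;
        if (!empty($cfg['ssl_ca'])) {  // optional TLS to a remote MySQL server
            $this->db->ssl_set(null, null, $cfg['ssl_ca'], null, null);
            $flags = MYSQLI_CLIENT_SSL;
        }
        $this->db->real_connect($cfg['host'], $cfg['user'], $cfg['pass'],
                                $cfg['name'], null, null, $flags);
        $this->db->set_charset('utf8mb4');
    }

    // Placeholders keep user input out of the SQL text (hypothetical `users` table).
    public function findUserByEmail(string $email): ?array
    {
        $stmt = $this->db->prepare('SELECT id, email FROM users WHERE email = ?');
        $stmt->bind_param('s', $email);
        $stmt->execute();
        $row = $stmt->get_result()->fetch_assoc();
        $stmt->close();
        return $row ?: null;
    }
}

try {
    $database = new Database('/var/www/private/db-config.php');
    $user = $database->findUserByEmail($_POST['email'] ?? '');
} catch (mysqli_sql_exception $e) {
    error_log('DB error: ' . $e->getMessage());
    http_response_code(500);
    exit('Database error.');
}
```

`get_result()` requires the mysqlnd driver, which is the default in current PHP builds.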
