
[SOLVED] Secured Database Connection



$mysqlhost = "localhost";
$user = "username";
$pass = "password";
$site_db = "database name";

$connection = mysql_connect($mysqlhost,$user,$pass) or die(mysql_error());
mysql_select_db($site_db,$connection);

 

Well, I am a new PHP developer and the above code is just my way of connecting to the database. I am shifting to OOP and I want a secured kind of connection.... Can you help me with how to do this, or at least give me an idea of what to consider for a good database connection?

Thank you guys!  ???

https://forums.phpfreaks.com/topic/127673-solved-secured-database-connection/

That way of connecting is fine. A more critical part of securing your MySQL code is to be SQL injection proof. Also, if you are handling personal information, you should consider using SSL.

 

Good luck connecting to MySQL over SSL, considering that SSL has nothing to do with databases.

Well, instead of being jerks, how about we actually answer his question?

 

You could use the Improved MySQL extension (mysqli) in its OOP form, which is easier, less error-prone, and can potentially be securer (due to prepared statements).

If you are worried about someone connecting to your database with your credentials, you could include a file from within your server (not in the html folder) with your login details in that. That's depending on if you have access to that kind of root folder.

 

Also, DarkWater, nobody here is being a jerk, I was just stating that you should have read that with a little more detail before posting something useless.


Sorry, BillyBoB, I wasn't talking about you.  I was talking about Blade's ridiculously jerk-y sarcasm.  I already typed my post out before you posted and then just clicked Post without reading your post.

More secure:

 

1. Give the connecting user a limited amount of actions: SELECT, DELETE, INSERT, UPDATE

- or make 4 different users each only having one action, that way you can not DELETE with a user who can only SELECT

2. Give the connecting user a very hard/complicated password: kjdu43jm34&3%$dfj

3. Place the database connection file outside of the root web folder, so it can not be accessed through http(s)

Jeez, if this connection is OK then thank you for the replies. Well, I am just worried about SQL injections.....

 

Well, Billybob, there is a connection with OOP, because maybe there are users that have suggestions on how to connect to the DB the OOP way.

 

Thank you for the serious replies!
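
The suggestions made in this thread (mysqli in its OOP form, prepared statements, login details in a file outside the web folder, optional SSL) combined into one sketch. This is an added example, not code from any poster; the paths, the `app_rw` account, the `users` table and the `Database` class are assumptions made for illustration.

```php
<?php
// Assumed layout (hypothetical paths):
//   /var/www/private/db_config.php  <- outside the web root, not reachable over HTTP
//   /var/www/html/                  <- document root
// db_config.php contains only a return statement, e.g.:
//   return ['host' => 'localhost', 'user' => 'app_rw', 'pass' => 'CHANGE_ME',
//           'name' => 'site_db', 'ca' => null];

final class Database
{
    private mysqli $db;

    public function __construct(string $configPath)
    {
        $cfg = require $configPath;

        // Throw exceptions on failure instead of printing mysql errors to the visitor.
        mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

        $this->db = mysqli_init();
        $flags = 0;
        if (!empty($cfg['ca'])) {
            // Relevant when the MySQL server is on another host: encrypt the link.
            $this->db->ssl_set(null, null, $cfg['ca'], null, null);
            $flags = MYSQLI_CLIENT_SSL;
        }
        $this->db->real_connect($cfg['host'], $cfg['user'], $cfg['pass'],
                                $cfg['name'], 3306, null, $flags);
        $this->db->set_charset('utf8mb4');
    }

    /** Run a parameterised SELECT; bound values never become part of the SQL text. */
    public function select(string $sql, string $types, array $params): array
    {
        $stmt = $this->db->prepare($sql);
        $stmt->bind_param($types, ...$params);   // expects at least one parameter
        $stmt->execute();
        return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);   // needs mysqlnd
    }
}

// Usage: user input is passed as a bound parameter, never concatenated into the query.
$db    = new Database('/var/www/private/db_config.php');
$email = $_GET['email'] ?? '';
$rows  = $db->select('SELECT id, name FROM users WHERE email = ?', 's', [$email]);
```

The account named in the config file would be the limited one described in the list above, granted only the statements the application actually issues.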
