closed_tag Posted October 9, 2008 Share Posted October 9, 2008 $mysqlhost = "localhost"; $user = "username"; $pass ="password"; $site_db = "database name"; $connection = mysql_connect($mysqlhost,$user,$pass) or die(mysql_error()); mysql_select_db($site_db,$connection); Well I am a new PHP developer and the above code is just my way how to connect to the database. I am shifting to OOP and I want a secured kind of connection.... Can you help me how to do this, or atleast give me an idea what is to consider to a good database connection? Thank you guys! ??? Quote Link to comment https://forums.phpfreaks.com/topic/127673-solved-secured-database-connection/ Share on other sites More sharing options...
BillyBoB Posted October 9, 2008 Share Posted October 9, 2008 "What does this have to do with OOP?"*** Also I don't believe there is a 'more' secure way of connecting to a database.. Use google to find more about it. ***Topic Moved. Quote Link to comment https://forums.phpfreaks.com/topic/127673-solved-secured-database-connection/#findComment-661228 Share on other sites More sharing options...
DeanWhitehouse Posted October 9, 2008 Share Posted October 9, 2008 What's wrong with this way of connecting? Has your connection been intercepted, and what does this have to do with OOP (as BillyBod said), there is no point in overcomplicating the connecting to the db. Quote Link to comment https://forums.phpfreaks.com/topic/127673-solved-secured-database-connection/#findComment-661233 Share on other sites More sharing options...
Andy17 Posted October 9, 2008 Share Posted October 9, 2008 That way of connecting is fine. A more critical part of securing your MySQL code is to be SQL injection proof. Also, if you are handling personal information, you should consider using SSL. Quote Link to comment https://forums.phpfreaks.com/topic/127673-solved-secured-database-connection/#findComment-661247 Share on other sites More sharing options...
DarkWater Posted October 9, 2008 Share Posted October 9, 2008 That way of connecting is fine. A more critical part of securing your MySQL code is to be SQL injection proof. Also, if you are handling personal information, you should consider using SSL. Good luck connecting to MySQL over SSL, considering that SSL has nothing to do with databases. Quote Link to comment https://forums.phpfreaks.com/topic/127673-solved-secured-database-connection/#findComment-661252 Share on other sites More sharing options...
DeanWhitehouse Posted October 9, 2008 Share Posted October 9, 2008 You think that something will inject your site through you connectin to the database ? lol, seriously? Quote Link to comment https://forums.phpfreaks.com/topic/127673-solved-secured-database-connection/#findComment-661253 Share on other sites More sharing options...
BillyBoB Posted October 9, 2008 Share Posted October 9, 2008 DarkWater: I don't believe he was talking about connecting over the SSL connection. I think he was talking about if he was worried about security from SQL injections. Quote Link to comment https://forums.phpfreaks.com/topic/127673-solved-secured-database-connection/#findComment-661257 Share on other sites More sharing options...
DarkWater Posted October 9, 2008 Share Posted October 9, 2008 Well, instead of being jerks, how about we actually answer his question? You could use the Improved MySQL extension (mysqli) in its OOP form, which is easier, less error-prone, and can potentially be securer (due to prepared statements). Quote Link to comment https://forums.phpfreaks.com/topic/127673-solved-secured-database-connection/#findComment-661259 Share on other sites More sharing options...
BillyBoB Posted October 9, 2008 Share Posted October 9, 2008 If you are worried about someone connecting to your database with your credentials you could include a file from within your server(not in the html folder) with your log in details in that. That's depending on if you have access to that kind of root folder. Also, DarkWater nobody here is being a jerk, I was just stating that you should have read that with a little more detail before posting something useless. Quote Link to comment https://forums.phpfreaks.com/topic/127673-solved-secured-database-connection/#findComment-661268 Share on other sites More sharing options...
DarkWater Posted October 9, 2008 Share Posted October 9, 2008 If you are worried about someone connecting to your database with your credentials you could include a file from within your server(not in the html folder) with your log in details in that. That's depending on if you have access to that kind of root folder. Also, DarkWater nobody here is being a jerk, I was just stating that you should have read that with a little more detail before posting something useless. Sorry, BillyBoB, I wasn't talking about you. I was talking about Blade's ridiculously jerk-y sarcasm. I already typed my post out before you posted and then just clicked Post without reading your post. Quote Link to comment https://forums.phpfreaks.com/topic/127673-solved-secured-database-connection/#findComment-661273 Share on other sites More sharing options...
The Little Guy Posted October 9, 2008 Share Posted October 9, 2008 More secure: 1. Give the connecting user a limited amount of actions: SELECT, DELETE, INSERT, UPDATE - or make 4 different users each only having one action, that way you can not DELETE with a user who can only SELECT 2. Give the connecting user a very hard/complicated password: kjdu43jm34&3%$dfj 3. Place the database connection file outside of the root web folder, so it can not be accessed through http(s) Quote Link to comment https://forums.phpfreaks.com/topic/127673-solved-secured-database-connection/#findComment-661276 Share on other sites More sharing options...
DeanWhitehouse Posted October 9, 2008 Share Posted October 9, 2008 If you think that what i said was acting like a jerk, then you need to read what i said again. It was a question, if you took it wrong thats your problem. Quote Link to comment https://forums.phpfreaks.com/topic/127673-solved-secured-database-connection/#findComment-661277 Share on other sites More sharing options...
Andy17 Posted October 10, 2008 Share Posted October 10, 2008 Good luck connecting to MySQL over SSL, considering that SSL has nothing to do with databases. That's not what I meant. Quote Link to comment https://forums.phpfreaks.com/topic/127673-solved-secured-database-connection/#findComment-662133 Share on other sites More sharing options...
closed_tag Posted October 15, 2008 Author Share Posted October 15, 2008 Jeez, If this connection is ok then thank you for the replies, well I am just worried with SQL injections..... Well, Billybob there is a connection with OOP cause maybe there are users that has suggestion how to connect to DB, the OOP way. Thank you for the serious replies! Quote Link to comment https://forums.phpfreaks.com/topic/127673-solved-secured-database-connection/#findComment-665866 Share on other sites More sharing options...
Andy17 Posted October 15, 2008 Share Posted October 15, 2008 Jeez, If this connection is ok then thank you for the replies, well I am just worried with SQL injections..... mysql_real_escape_string() should take care of that just fine. Quote Link to comment https://forums.phpfreaks.com/topic/127673-solved-secured-database-connection/#findComment-666023 Share on other sites More sharing options...
closed_tag Posted October 23, 2008 Author Share Posted October 23, 2008 Thank you Andy17 for the replies!!! Quote Link to comment https://forums.phpfreaks.com/topic/127673-solved-secured-database-connection/#findComment-672533 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.