Jump to content

[SOLVED] Secured Database Connection

closed_tag

By closed_tag
in PHP Coding Help

 Share

Recommended Posts

closed_tag Newbie

closed_tag

Posted
Posted

$mysqlhost = "localhost";

$user = "username";

$pass ="password";

$site_db = "database name";

 

$connection = mysql_connect($mysqlhost,$user,$pass) or die(mysql_error());

mysql_select_db($site_db,$connection);

 

Well I am a new PHP developer and the above code is just my way how to connect to the database. I am shifting to OOP and I want a secured kind of connection.... Can you help me how to do this, or atleast give me an idea what is to consider to a good database connection?

Thank you guys!  ???

Link to comment
Share on other sites
DarkWater Member

DarkWater

Posted
Posted

That way of connecting is fine. A more critical part of securing your MySQL code is to be SQL injection proof. Also, if you are handling personal information, you should consider using SSL.

 

Good luck connecting to MySQL over SSL, considering that SSL has nothing to do with databases.

Link to comment
Share on other sites
BillyBoB Regular Member

BillyBoB

Posted
Posted

If you are worried about someone connecting to your database with your credentials you could include a file from within your server(not in the html folder) with your log in details in that. That's depending on if you have access to that kind of root folder.

 

Also, DarkWater nobody here is being a jerk, I was just stating that you should have read that with a little more detail before posting something useless.

Link to comment
Share on other sites
DarkWater Member

DarkWater

Posted
Posted

If you are worried about someone connecting to your database with your credentials you could include a file from within your server(not in the html folder) with your log in details in that. That's depending on if you have access to that kind of root folder.

 

Also, DarkWater nobody here is being a jerk, I was just stating that you should have read that with a little more detail before posting something useless.

 

Sorry, BillyBoB, I wasn't talking about you.  I was talking about Blade's ridiculously jerk-y sarcasm.  I already typed my post out before you posted and then just clicked Post without reading your post.

Link to comment
Share on other sites
The Little Guy Prolific Member

The Little Guy

Posted
Posted

More secure:

 

1. Give the connecting user a limited amount of actions: SELECT, DELETE, INSERT, UPDATE

- or make 4 different users each only having one action, that way you can not DELETE with a user who can only SELECT

2. Give the connecting user a very hard/complicated password: kjdu43jm34&3%$dfj

3. Place the database connection file outside of the root web folder, so it can not be accessed through http(s)

Link to comment
Share on other sites
closed_tag Newbie

closed_tag

Posted
  • Author
Posted

Jeez, If this connection is ok then thank you for the replies, well I am just worried with SQL injections.....

 

Well, Billybob there is a connection with OOP cause maybe there are users that has suggestion how to connect to DB, the OOP way.

 

Thank you for the serious replies!

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.