Rewriting mysql_* functions

[guitarclap]

I have issues with security. Is there a way to rewrite all the mysql_* functions in PHP to something else...

 

Like instead of \'mysql_db_query()\' ... can i name id \'getQuery()\' ... or so on.

 

The reasons are, if somehow someone can upload a script onto my server, the common database functions will allow them to access anything. Would changing these function names increase security?

 

Thanks

Brnadon

[Derek]

I don\'t see this changing anything at all. Security is not in your function names. Access is handled with your grant tables, people don\'t just have access automatically, unless you allow it.

[BK87]

you don\'t have to edit the php source for this... just do

[php:1:1eb605ea67]<?php

function query_db($query){

$mysql_query=mysql_query($query);

return $mysql_query;

}

$sample_query=query_db(\"select * from table order by column asc\");

?>[/php:1:1eb605ea67]

 

just some simple shit....

[gizmola]

I have issues with security.  Is there a way to rewrite all the mysql_* functions in PHP to something else...

 

Like instead of \'mysql_db_query()\' ...  can i name id \'getQuery()\' ... or so on.

 

The reasons are, if somehow someone can upload a script onto my server, the common database functions will allow them to access anything.  Would changing these function names increase security?

 

Thanks

Brnadon

 

If people are able to upload scripts to your webspace, then that\'s where your security problem lies. Using the raw functions will do nothing at all unless people know that you have certain include files that you use which provide a database connection.