gibbo1715 Posted November 17, 2009

Hi all

I'm new to php/mysql and am just starting to learn the basics in an unfamiliar language.

I've started to look at connecting to a database and how to run my sql queries.

I've put together a quick counter for a table in my database to test the code (which works), but I want to know:

1. What's best practice around includes
2. What security issues do I need to consider
3. Is the approach I've got below the right one (i.e. having an include for all my sql queries and a separate file that links to the database)
4. Is there a better, more secure database connection string, or have I got this about right

thanks

gibbo

Index.php

```php
<?php
require('functions.php');

// Get the results from the function in functions.php
$myresult = counter();
echo $myresult;
?>
```

functions.php

```php
<?php
require('dbconnect.php');

// run an sql query
function counter()
{
    $test = 'members';
    $result = mysql_query("SELECT * FROM $test");
    $num_rows = mysql_num_rows($result);
    return $num_rows;
}
?>
```

dbconnect.php

```php
<?php
// Database connection parameters

// MySQL database host
$dbhost = 'localhost';

// MySQL database username
$dbuser = 'me';

// MySQL password
$dbpass = 'justatestpassword';

// MySQL database name
$dbselect = 'mytestdb';

// Connect to database
if (!mysql_connect($dbhost, $dbuser, $dbpass))
    die('ERROR: Could not connect to MySQL database!');

// Select database
if (!mysql_select_db($dbselect))
    die('ERROR: Could not select MySQL database!');
?>
```

gibbo1715 (Author) Posted November 17, 2009

Made a few changes as below

Gibbo

```php
<?php
require('functions.php');

$getdata = 'members';

// Get the results from the function in functions.php
$myresult = counter($getdata);
echo $myresult;

phpinfo();
?>
```

functions.php

```php
<?php
require('dbconnect.php');

// run a select query
function counter($test)
{
    // ensure no direct input attack can happen
    $test = mysql_real_escape_string($test);

    // run query
    $result = mysql_query("SELECT * FROM $test");
    $num_rows = mysql_num_rows($result);

    // return result
    return $num_rows;
}
?>
```

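An added example (not part of the original thread, and not the poster's code) of validating a table name before it reaches a query like the one in `counter($test)` above. `mysql_real_escape_string` escapes characters that matter inside a quoted string literal; the table name here is interpolated as an unquoted identifier, so the example checks it against a fixed allow-list instead. It assumes PDO with an in-memory SQLite database standing in for MySQL; the `posts` table and the `COUNTABLE_TABLES` constant are made up for the demo.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// the poster's MySQL database so the script runs offline; every name other
// than "members" and counter() is constructed for the demo.

// Tables that counter() is allowed to read. An identifier cannot be bound
// as a query parameter, so it is checked against this fixed list instead.
const COUNTABLE_TABLES = ['members', 'posts'];

function counter(PDO $db, string $table): int
{
    // Strict comparison: only an exact, known table name gets through.
    if (!in_array($table, COUNTABLE_TABLES, true)) {
        throw new InvalidArgumentException('Unknown table name');
    }
    // $table is now one of our own constants, so interpolating it is safe.
    // (MySQL quotes identifiers with backticks rather than double quotes.)
    // COUNT(*) lets the database count instead of fetching every row.
    $stmt = $db->query("SELECT COUNT(*) FROM \"$table\"");
    return (int) $stmt->fetchColumn();
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)');
$db->exec("INSERT INTO members (name) VALUES ('alice'), ('bob'), ('carol')");

echo counter($db, 'members'), "\n";
echo counter($db, 'posts'), "\n";

// Constructed input with no quote characters in it: an escaping function
// would return it unchanged, but the allow-list rejects it.
try {
    counter($db, 'members WHERE id = 1');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```
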
mattyvx Posted November 17, 2009

I hope that the login details you gave weren't your real logins... if so I'd change your "justatestpassword" now!

gibbo1715 (Author) Posted November 17, 2009

Nope, none of the details are real and it's on a local server anyway, not connected to the web, but thanks for asking the question to be on the safe side

gibbo

Archived
This topic is now archived and is closed to further replies.