db connection

[RON_ron]

When I need to post / get data out of the MySQL, if I use the username and password which is the same username and password to access the CP,

 

1. is this a bad thing to do?

2. Is it safe/risky?

 

<?php
$conn = mysql_connect("localhost","the_un1","the_pw1");
$db = mysql_select_db("the_db");

[fenway]

Huh?

[RON_ron]

I don't really know... but there is an option of creating users + passwords when a creating a database using PhpMyAdmin. So I'm confused. 

 

As you see I'm a novice! 

[fenway]

So you're asking how to create users?

[RON_ron]

Nope.

 

I'm asking if it is safe to use the username and password (given by the host) in the php connection?

or can the usernames and passwords which was created when creating the database should be safer and used to connect to the database?

 

E.g.1

<?php
$link = mysql_connect("localhost","username_given_by_host","password_given_by_host");
mysql_select_db("db_1");

 

E.g.2

<?php
$link = mysql_connect("localhost","username_created_when_creating_the_db","password_created_when_creating_the_db");
mysql_select_db("db_1");

[jdavidbakr]

Are you asking if you should use your administrator account or connect to the database with a different user in your application?

 

I always create a separate user for each application database - I have dozens of applications on my site, each running on their own database, and each has their own user.  I do that so that if one of the users somehow gets compromised they only have access to the single database.  Could be overkill but it makes me feel better.  I would never put an administrator's password into any PHP connection code, though.

[RON_ron]

Hi jdavidbakr.

 

That was exactly what I wanted to know.

 

Many thanks!

Ron.