NerdConcepts Posted December 18, 2007 Share Posted December 18, 2007 Almost all of my php pages include many instances where a sql connection is needed. To keep myself from having to keep coding the SQL stuff I run the connection within the header of the page and close the connect at the footer. By doing this am I opening up myself to a security problem. In my mind I am not, but the books I have seem to close the sql connect before HTML begins. My problem is that inside the HTML I need a database connection to pull information from the database. Just wondering I guess. Quote Link to comment https://forums.phpfreaks.com/topic/82146-solved-quick-security-question/ Share on other sites More sharing options...
btherl Posted December 18, 2007 Share Posted December 18, 2007 I don't think there's a security problem there. Just make sure you sanitize any user provided data that goes into database queries. There's no need to close the connection early for security (though it's often good for performance reasons). Quote Link to comment https://forums.phpfreaks.com/topic/82146-solved-quick-security-question/#findComment-417447 Share on other sites More sharing options...
NerdConcepts Posted December 18, 2007 Author Share Posted December 18, 2007 Thanks, that is all I needed to know. The only information that goes into the database that is user supplied are when they register, leave comments, or modify their account settings. Which in that case it goes through very tight processing to make sure the data supplied isn't dangerous in any way. Quote Link to comment https://forums.phpfreaks.com/topic/82146-solved-quick-security-question/#findComment-417484 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.