Connecting to MySQL database with PHP

PaulStat

PaulStat

PaulStat

Soldato
Joined
1 Mar 2003
Posts
5,508
Location
Cotham, Bristol
Hi Guys,

I've found this tutorial http://www.php-mysql-tutorial.com/wikis/mysql-tutorials/retrieve-data-from-a-mysql-database.aspx, which is great but it doesn't sound very secure? Basically the method they have is something like

opendb.php
PHP: 
<?php
   $dbhost = 'localhost';
   $dbuser = 'root';
   $dbpass = '';
					
   $conn = mysql_connect($dbhost,$dbuser,$dbpass) or die ('Error connecting to mysql');

   $dbname = 'database';
   mysql_select_db($dbname);
?>

closedb.php
PHP: 
<?php
   mysql_close($conn);
?>

selectdata.php
PHP: 
<?php
   include("opendb.php");
   // Do some selection
   include("closedb.php")
?>

Having the user and password in the php doesn't sound very secure to me?
 
Only people who have FTP access (or control panel access) will be able to read the username/password. Anyone browsing your website won't.
 
opendb.php should be in a non web accessible location, ideally with 600 permissions, so that only your PHP user can read the file.

Also, when doing this in production you wouldn't connect to the mysql server as root, but instead as a normal user.
 
You must log in or register to reply here.
Back
Top Bottom