xboxfun
asked on
how secure is this now?
I need to make an SQL call to pull back some info, I am very worried this is not secure in php page as it contains my username and password.
<?php
$con = mysql_connect('localhost', 'NAME', 'PASSWORD');
mysql_select_db('DATABASE' ,$con);
<?php
$con = mysql_connect('localhost',
mysql_select_db('DATABASE'
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Afterthought... PHP.net is now recomending MySQLi or PDO. Check the big red warning box in the link here:
http://php.net/manual/en/function.mysql-query.php
http://php.net/manual/en/function.mysql-query.php
ASKER
manyn thanks for great advice.
I have checked the warnings and I tried to change mysql to MySQLi but it fails each time, i am thinking i may have to upgrade mysql i hope not.
I have checked the warnings and I tried to change mysql to MySQLi but it fails each time, i am thinking i may have to upgrade mysql i hope not.
Open in new window
To the issue of security, you might consider putting the connection and selection variables in a file outside of the web root. You will probably be OK with what you have now, but that might add a measure of confidence. Then if PHP failed for some reason, and the web server continued to run, your passwords would not get exposed. As a practical matter, this is a very unlikely event.