Posted by Ron on 03/01/07 14:38

On 1 Mar 2007 02:19:44 -0800, "Stevene"
<steve.with.the.hood@gmail.com> wrote:

>> I connect to my database in a way that I think is pretty unsecure.
>
>> <?
>> $dbh=mysql_connect ("localhost", "database", "password")
>> or die ('I cannot connect to the database because: ' . mysql_error());
>> mysql_select_db ("database_table");
>> echo "<p>Database selected...\n";
>>
>
>
>I'm new to php development, in particular, and I am curious, why is
>this method insecure? Are there ways around the preprocessor so that
>the script can be read?
Yes,this is what I read. So the above would give direct access to the
database. In some cases I think people could be makind a database with
the same user/pw info as their main login as I used to do. Now I
created a secong login and if something was wrng could change the
password or delete the login.

• Next in forum: Regular expression in MySQL (need to strip number fiel of spaces and then match).
• Prev in forum: Re: Connection Script... a better way?
• Thread view: Re: Connection Script... a better way?

[Reply to this message]