Connection Script... a better way?

Hi all,

I connect to my database in a way that I think is pretty unsecure.
What I have works well so I haven't messed with it but maybe I could
get a suggestion or two? I keep finding the script examples that
taught me to make the connection in the first place

I use:
$dbh=mysql_connect ("localhost", "database", "password")
or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("database_table");
echo "

Database selected...\n";

and on to echoing out my list through a loop.

Is there a way to call the the database and password info from an
external file. Is there a different version of an include?

Any help or leads would be appreciated

thx..ron

Re: Connection Script... a better way?

Ron wrote:
> Hi all,
>
> I connect to my database in a way that I think is pretty unsecure.
> What I have works well so I haven't messed with it but maybe I could
> get a suggestion or two? I keep finding the script examples that
> taught me to make the connection in the first place
>
> I use:
> > $dbh=mysql_connect ("localhost", "database", "password")
> or die ('I cannot connect to the database because: ' . mysql_error());
> mysql_select_db ("database_table");
> echo "

Database selected...\n";
>
> and on to echoing out my list through a loop.
>
> Is there a way to call the the database and password info from an
> external file. Is there a different version of an include?
>
> Any help or leads would be appreciated

You can use include()/required_once() to include the file with the connection,
you place it outside the web directory in a location where you can't access it
directly with a browser.


--

//Aho

Re: Connection Script... a better way?

> I connect to my database in a way that I think is pretty unsecure.

> > $dbh=mysql_connect ("localhost", "database", "password")
> or die ('I cannot connect to the database because: ' . mysql_error());
> mysql_select_db ("database_table");
> echo "

Database selected...\n";
>


I'm new to php development, in particular, and I am curious, why is
this method insecure? Are there ways around the preprocessor so that
the script can be read?

Re: Connection Script... a better way?

On 1 Mar, 10:19, "Stevene" wrote:
> > I connect to my database in a way that I think is pretty unsecure.
> > > > $dbh=mysql_connect ("localhost", "database", "password")
> > or die ('I cannot connect to the database because: ' . mysql_error());
> > mysql_select_db ("database_table");
> > echo "

Database selected...\n";
>
> I'm new to php development, in particular, and I am curious, why is
> this method insecure? Are there ways around the preprocessor so that
> the script can be read?

Generally no, but there cold be occasions, such as when changes are
made to the server, where the preprocessor may not be functioning.

Re: Connection Script... a better way?

On 1 Mar 2007 02:19:44 -0800, "Stevene"
wrote:

>> I connect to my database in a way that I think is pretty unsecure.
>
>> >> $dbh=mysql_connect ("localhost", "database", "password")
>> or die ('I cannot connect to the database because: ' . mysql_error());
>> mysql_select_db ("database_table");
>> echo "

Database selected...\n";
>>
>
>
>I'm new to php development, in particular, and I am curious, why is
>this method insecure? Are there ways around the preprocessor so that
>the script can be read?
Yes,this is what I read. So the above would give direct access to the
database. In some cases I think people could be makind a database with
the same user/pw info as their main login as I used to do. Now I
created a secong login and if something was wrng could change the
password or delete the login.