PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I have just added PHP and MySQL to my hosting package. An example connection file was placed on the site for me to read. It is slightly different from the connection method I have been using for testing at home. This is what they suggest:
From the manual I see that this creates a persisten connection, and understand this. However, what puzzles me is the "@" symbol. I have tried searching for this character, but nothing shows up in the manual or forum. I know that it is used for documentation in Java, but not before a function call. Any ideas?
if you prepend @ to an expression, it turns off error reporting just for that expression. Its usually used if you want to handle errors yourself. You just need to remember to check for the errors later in the script. See: http://uk.php.net/manual/en/features.error-handling.php
Jonny
Like most people in this forum suggest, I have placed my db connection details in a file to be included with each script that uses my database.
There have been various discussions about the security of this method, and one problem I found, which wasn't mentioned, is what happens when the MySQL host goes down, but the PHP server stays running? (My host has a seperate "Web" server to the MySQL server.)
You cannot connect to your database and a warning comes back, "Cannot connect, error in file host/include/connection.php at line 3" or whatever.
Then, someone else knows where your connection file is located, and can include this file (absolute address) and get at your database.
By adding "@", this removes this problem and is one more way to foil an attack.
If the host is set to localhost in the connection script then they won't be able to connect to your database from a remote server. If host is an IP address then they may be able to connect if your hosting company hasn't limited access with your username to the server on which your site files reside. The main issue that I could see is the fact that if you've got a bunch of variables like $user/$username and $pass/$password/$pword or the like they could echo them out and gain access to your database through something like http://www.yoursite.com/phpMyAdmin/.