PHP Login to mySQL --This works, but is it secure?--

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
wahh346
Forum Newbie
Posts: 2
Joined: Mon Dec 02, 2002 4:55 pm
Location: Daytona Beach, FL

PHP Login to mySQL --This works, but is it secure?--

Post by wahh346 »

First off, I'm new to this. By reading various tutorials I pieced together this little method of logging in to a mySQL database through PHP. It works, but is this an accepted method for authenticating users, and is it secure?

$hostname = "fortress";
$username = $_POST['username'];
$password = $_POST['password'];

$dbh = mysql_connect($hostname, $username, $password)
or die("Unable to connect to MySQL");

I doubt I'm the first to try/use this method. I see the main benifit being that mySQL authenticates the user and also allows me to keep certain users out of certain tables. Any pointers, comments, feedback would be appreciated. Thanks!

-wahh346
User avatar
mydimension
Moderator
Posts: 531
Joined: Tue Apr 23, 2002 6:00 pm
Location: Lowell, MA USA
Contact:

Post by mydimension »

if its for a database admin tool like phpMyAdmin then its as secure as MySQL wants it to be (pretty sure on this, could someone double check me?).

if you are making a membership system for your site then it is not secure or even practical.
oldtimer
Forum Contributor
Posts: 204
Joined: Sun Nov 03, 2002 8:21 pm
Location: Washington State

Post by oldtimer »

I would put your username, password and dbname in a file like config.php and keep it out of the main root. Then include it.

Code: Select all

<?php
include ("../config.php");

?>
Post Reply