Page 1 of 1

PHP Login to mySQL --This works, but is it secure?--

Posted: Mon Dec 02, 2002 4:55 pm
by wahh346
First off, I'm new to this. By reading various tutorials I pieced together this little method of logging in to a mySQL database through PHP. It works, but is this an accepted method for authenticating users, and is it secure?

$hostname = "fortress";
$username = $_POST['username'];
$password = $_POST['password'];

$dbh = mysql_connect($hostname, $username, $password)
or die("Unable to connect to MySQL");

I doubt I'm the first to try/use this method. I see the main benifit being that mySQL authenticates the user and also allows me to keep certain users out of certain tables. Any pointers, comments, feedback would be appreciated. Thanks!

-wahh346

Posted: Mon Dec 02, 2002 5:37 pm
by mydimension
if its for a database admin tool like phpMyAdmin then its as secure as MySQL wants it to be (pretty sure on this, could someone double check me?).

if you are making a membership system for your site then it is not secure or even practical.

Posted: Mon Dec 02, 2002 6:29 pm
by oldtimer
I would put your username, password and dbname in a file like config.php and keep it out of the main root. Then include it.

Code: Select all

<?php
include ("../config.php");

?>