dbConnect.php

Need help installing PHP, configuring a script, or configuring a server? Then come on in and post your questions! We'll try to help the best we can!

Moderator: General Moderators

Post Reply
cecilchampenois
Forum Commoner
Posts: 47
Joined: Thu Nov 06, 2014 10:29 am
Location: Gilbert, Arizona
Contact:

dbConnect.php

Post by cecilchampenois »

In one php file, dbConnect.php, the creator of the program starts off with using mysql_connect() to connect to MySQL with a user ID and password before the User's Login ID is even tried. Is this necessary? Is this how it has to be? I mean, he puts a Login_ID and Password directly into the php code of this program. The Password happens to also be the Administrator's password to MySQL. This somehow doesn't seem right to me. This was done back in 2009 by the then developer.

Code: Select all

$ms = mysql_pconnect($host, $user, $pass);
Cecil Champenois
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: dbConnect.php

Post by Celauran »

Having MySQL credentials hardcoded somewhere is necessary for the app to be able to connect to the database. Each app should have its own MySQL account. You should never use the root account for anything other than DBA type work. Certainly no web app should ever use it.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: dbConnect.php

Post by Christopher »

Yes, I would recommend that you create a MySQL user with only the privileges that the application needs and connect from PHP using that. Never use root.
(#10850)
Post Reply