Passing around Database Connection
I am concerned that passing my DB Connection string from file to file is a security risk... :(
The actual DB Connection string is located in mysqli_connect.php...
// Make the connection.
$dbc = @mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME)
OR die('Could not connect to database. Contact System Administrator.');
Here is where I fear that I am doing something insecure...
In profile.php script, I include this DB connection like this...
And then farther down in that same script I call this function...
// Connect to the database.
require_once(WEB_ROOT . 'private/mysqli_connect.php');
// Get # of Posts.
$numberOfPosts = getNumberOfPosts($dbc, $id);
The problem - as I found out last night - is that I can't require the DB Connection from inside my Function, so it looks like I have to pass it as an argument to my Function as seen above.
I am concerned that I am passing my Database's Username and Password for all to see in plain sight by doing this?! :eek:
I need some serious help/advice here!!