Results 1 to 11 of 11
May 6, 2012, 12:36 #1
- Join Date
- Aug 2010
- 2 Post(s)
- 0 Thread(s)
Passing around Database Connection
I am concerned that passing my DB Connection string from file to file is a security risk...
The actual DB Connection string is located in mysqli_connect.php...
// Make the connection.
$dbc = @mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME)
OR die('Could not connect to database. Contact System Administrator.');
Here is where I fear that I am doing something insecure...
In profile.php script, I include this DB connection like this...
// Connect to the database.
require_once(WEB_ROOT . 'private/mysqli_connect.php');
// Get # of Posts.
$numberOfPosts = getNumberOfPosts($dbc, $id);
The problem - as I found out last night - is that I can't require the DB Connection from inside my Function, so it looks like I have to pass it as an argument to my Function as seen above.
I am concerned that I am passing my Database's Username and Password for all to see in plain sight by doing this?!
I need some serious help/advice here!!