Home/ Questions/Q 8797909
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T23:57:14+00:00

I have made a website where I only display items from my db tables,

  • 0

I have made a website where I only display items from my db tables, I pass variables from one page to the other to display certain items, there is no adding, deleting or editing to my table items in my website is just displaying information. 

$aaa = _POST['aaa'];

$databasehost = "localhost";
$databasename = "mydb";
$databaseusername = "user";
$databasepassword = "password";

// Connect to the database server
$dbcnx = @mysql_connect($databasehost, $databaseusername, $databasepassword);
 if (!$dbcnx) {
 echo( "<font color='red'><P>can't connect to server.</P></font>" );
 exit();
  }
 // Select the database
 if (! @mysql_select_db($databasename) ) {
 echo( "<font color='red'><P>can't connect to db </P></font>");
 exit();
  }

 $aaa = mysql_real_escape_string($aaa)

 // and with $aaa I do my query

I have read that protecting my variables with the mysql_real_escape_string() I stop any injections into my query’s but I feel vulnerable with:

 $databasehost = "localhost";
 $databasename = "mydb";
 $databaseusername = "user";
 $databasepassword = "password";

Am I just paranoid or is there a way protect this information that connects to y server and data base?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    There is no way for anyone to see the db connection information without gaining access to your server (since the PHP is executed on the server and not sent to the user’s browser). That being said, if you are concerned about that you may want to consider putting those variables in a configuration file, and encrypting them.

    • 0