Home/ Questions/Q 9175201
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T16:52:30+00:00

Possible Duplicate: How to safely store a password inside PHP code? So this is

  • 0

Possible Duplicate:
How to safely store a password inside PHP code?

So this is the scenario
I have an C# program.
It will send the Serial Number to my website. (eg: http://www.example.com/LicenseCheck.php)
lets say it sent 1234-1234-1234 as serial.

The licenseCheck.php will then connect to my mysql:

<?php
$username = "your_name";
$password = "your_password";
$hostname = "localhost"; 

//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password)
  or die("Unable to connect to MySQL");
echo "Connected to MySQL<br>";
?>

then it will do a “select” from valid serial table and if the license exist in the table then that means it’s a valid serial.

Basically, what im trying to find what would be a good way to approach this.
I’m mostly worried about where to store the “Username”, “Password”. basically I will only have one user who will only have the read permission.

I would like to hide the username and password as best as possible and would like to approach this in a secure way.

What do I mean by “Secure”? Just a way that would keep unauthorized users from getting into my my databasae.

Thanks for all the help.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    mysql function are no longer to be used. I’m going to give you a mysqli procedural approach to your solution. I’m also going to include a secure method of saving your password.

    basic mysqli connection and querying:

    $queryString = "SELECT COUNT(*) FROM table WHERE userName = ? AND password=?";//not the question marks
//the question marks are used to bind our parameters/variables so the query string cannot be adjusted I believe? 
$DBH=mysqli_connect('local','user','pass');
mysqli_select_db($DBH,'database');
$query = mysqli_prepare($DBH,$queryString);
mysqli_bind_param($query,'ss',$username,$passwordHASH);//the second parameter declares the datatypes 
mysqli_execute($query);
//mysqli_bind_result($results); ||not needed in this situation but this is how you'd get results from the database
if(mysqli_fetch($query)){ //adding  && $results = 1 would insure there is only one record
    //username and password match
}
else{
    //error builder etc
}

    Now for your passwords I’d recommend using a hmac_hash() to provide protection. When inserting your passwords to your database insure that they are hmac_hash()ed to that when you come to querying your database these are protected as such.

    $passwordHASH = hash_hmac('sha512',$hashThis, '&R4nD0m^');

    So basically your query/fetch will return true if COUNT(*) returns 1 if username and password is equal to $username and $passwordHASH.

    BUT having said all that couldn’t you use #include <mysql.h> the mysql library in C#?

    • 0