This is the first time I have made a database for user interaction, and I have some “silly” questions, but I do not know how to google them to get a correct answer, so here they are:
What I want:
I want to have a database where there will be users that have written comments and articles. I will have user-critical information such as name and address and maybe credit card that I will have to recover.
What I have done
I have created a database with a table for users with their information, and then related it to a table with comments and another with articles.
My problems
1) When you do a db connection, do you do it every time with the same user (of course not root) and then compare the nickname and pass? That’s what I have, but it’s pretty strange for me, because if anyone knows my user and pass to connect to the db they will have all the information. I have thought of having an account for each user, but then how can I restrict them to add/erase/see only things for their own accounts?
2) I have read some questions and now I know I have to store passwords and compare them with bcrypt. Also I know a credit card is not recommendable to store, so probably I won’t do it, but for the rest of the things (address, name) which is the best way to store them?
3) If a user makes a connection and it’s probable that they will make more in a short time, is it better to close and open the connection each time? How can I control the session? Code is written in PHP for connecting mobile devices to MySQL.
First, don’t store credit cards in your own database. Use something like Stripe to tokenize the data (free to sign up and anyone gets accepted).
If you are doing a mobile app with your own usernames and password, a remote server with usernames / passwords is the way to go. Hashing is usually a better approach for passwords than encrypting, since hashes are one way (you can know if a password matches, but you can never retrieve the password as a string).
As for connecting to your database, don’t connect to it directly. Do it through an API / web service on your server.
For getting info from the server, you’ll probably want to use JSON and use GET and POST requests. Here’s a simple example for handling a login request on the server (make a POST from the device):
Note that I totally made up auth_model, sanitizer, and other_model, they are just there for example.
Most languages / platforms have libraries for consuming JSON, and it’s a simple format, so as a starting point I think you’ll have the easiest time with it.
For sessions / state, store your session in a database table and return just the id (and anything else that doesn’t really need to be secure) to the client.
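The following is an added example, not the answerer's code (their `auth_model`, `sanitizer` and `other_model` snippet is not reproduced here) and not the asker's project. It puts the answer's points together in the PHP the asker mentions: a single application database account with prepared statements, bcrypt via `password_hash`/`password_verify`, a JSON login endpoint, a `sessions` table that hands the client only an opaque identifier, and authorization done in the application so a client can only write rows for its own account (the asker's question 1). The schema, the function names and the use of an in-memory SQLite database (so the script runs offline; the DSN would be a MySQL one in production) are assumptions made for the example. One deliberate departure from the answer's wording: the value returned to the client is a random 256-bit token rather than the session row id, so it cannot be guessed or incremented.

```php
<?php
// Added example: JSON login + session handling behind an API, PHP with PDO.
// Assumption: in-memory SQLite stands in for the asker's MySQL database.
declare(strict_types=1);

function openDb(): PDO {
    // Production would use e.g. 'mysql:host=localhost;dbname=app' with one
    // low-privilege application account (never root, never one per end user).
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, nickname TEXT UNIQUE, pass_hash TEXT)');
    $db->exec('CREATE TABLE sessions (token TEXT PRIMARY KEY, user_id INTEGER, expires_at INTEGER)');
    $db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, user_id INTEGER, body TEXT)');
    return $db;
}

// Registration: store only a bcrypt hash, never the plain password.
function registerUser(PDO $db, string $nickname, string $password): void {
    $stmt = $db->prepare('INSERT INTO users (nickname, pass_hash) VALUES (?, ?)');
    $stmt->execute([$nickname, password_hash($password, PASSWORD_BCRYPT)]);
}

// Login endpoint: $jsonBody is what the mobile client POSTs.
// Returns the array that would be json_encode'd back to the client.
function handleLogin(PDO $db, string $jsonBody): array {
    $req = json_decode($jsonBody, true);
    if (!is_array($req) || !isset($req['nickname'], $req['password'])
        || !is_string($req['nickname']) || !is_string($req['password'])) {
        return ['ok' => false, 'error' => 'bad request'];
    }
    $stmt = $db->prepare('SELECT id, pass_hash FROM users WHERE nickname = ?');
    $stmt->execute([$req['nickname']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Same generic error whether the user is unknown or the password is wrong,
    // so the response does not reveal which nicknames exist.
    if ($row === false || !password_verify($req['password'], $row['pass_hash'])) {
        return ['ok' => false, 'error' => 'invalid credentials'];
    }
    $token = bin2hex(random_bytes(32));   // opaque 256-bit session identifier
    $stmt = $db->prepare('INSERT INTO sessions (token, user_id, expires_at) VALUES (?, ?, ?)');
    $stmt->execute([$token, (int) $row['id'], time() + 3600]);   // one-hour session
    // Only the token goes to the client; the hash and the user row stay server-side.
    return ['ok' => true, 'session' => $token];
}

// Resolve a session token to a user id, or null if unknown or expired.
function userIdForSession(PDO $db, string $token): ?int {
    $stmt = $db->prepare('SELECT user_id FROM sessions WHERE token = ? AND expires_at > ?');
    $stmt->execute([$token, time()]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Authorization lives in the application layer: the owner of the new row is
// taken from the session, never from the request body, so a client can only
// add comments under its own account.
function addComment(PDO $db, string $token, string $body): bool {
    $userId = userIdForSession($db, $token);
    if ($userId === null) {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO comments (user_id, body) VALUES (?, ?)');
    $stmt->execute([$userId, $body]);
    return true;
}

// Demo with constructed input standing in for the device's POST body.
$db = openDb();
registerUser($db, 'alice', 'correct horse battery staple');

$good = handleLogin($db, json_encode(['nickname' => 'alice', 'password' => 'correct horse battery staple']));
echo json_encode($good), PHP_EOL;

$bad = handleLogin($db, json_encode(['nickname' => 'alice', 'password' => 'wrong']));
echo json_encode($bad), PHP_EOL;

var_dump(addComment($db, $good['session'], 'first comment'));
var_dump(addComment($db, 'not-a-real-token', 'spoofed comment'));
```

The one PDO connection is reused for every request handled by the script, which also answers question 3: a request opens a connection, does its queries, and lets it close at the end; per-user state is carried by the session row, not by keeping a database connection open per client. Credit card data is intentionally absent from the schema, in line with the answer's first point.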