safest way to create prepared statements connection - php

I'm in the process of converting some queries to prepared statements and I currently have the following in a connect file:
<?php
DEFINE ('DB_USER' , 'blah');
DEFINE ('DB_PASSWORD' , 'blah');
DEFINE ('DB_HOST' , 'localhost');
DEFINE ('DB_NAME' , 'blah');
//make the connection
$dbc = mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME)
OR die ('Could not connect to MySQL: ' .
mysqli_connect_error() );
?>
Can I still use $dbc somehow? I don't want to plaintext my connection information into a statement like this:
$mysqli = new mysqli("heres", "all", "my", "sensitive", "information");
Thanks in advance!

You can put the sensitive information in a file that's not in the webroot.
And you could use SSL to connect to the MySQL server:
http://dev.mysql.com/doc/refman/5.0/en/ssl-connections.html
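One way to apply both suggestions, as an added example that is not part of the original answer: the credentials are read from a PHP file outside the web root and the connection uses TLS. The path /var/www/private/db_config.php, the array keys and the db_connect() helper are assumptions.

```php
<?php
// db_connect.php: added example. The config path and array keys are assumptions.
// /var/www/private/db_config.php sits outside the web root and contains only:
//   <?php return ['host' => 'localhost', 'user' => 'app', 'pass' => 'secret',
//                 'name' => 'appdb', 'ca' => '/etc/mysql/ca.pem'];
const DB_CONFIG_FILE = '/var/www/private/db_config.php';

function db_connect(string $configFile = DB_CONFIG_FILE): mysqli
{
    if (!is_readable($configFile)) {
        throw new RuntimeException('Database configuration is not readable');
    }
    $cfg = require $configFile;

    // Make mysqli throw exceptions so a failed connect cannot go unnoticed.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

    $dbc = mysqli_init();
    $flags = 0;
    if (!empty($cfg['ca'])) {
        // Encrypt the connection and give the client the CA certificate.
        $dbc->ssl_set(null, null, $cfg['ca'], null, null);
        $flags = MYSQLI_CLIENT_SSL;
    }
    $dbc->real_connect($cfg['host'], $cfg['user'], $cfg['pass'], $cfg['name'],
                       (int) ($cfg['port'] ?? 3306), null, $flags);
    $dbc->set_charset('utf8mb4');
    return $dbc;
}

try {
    $dbc = db_connect();
} catch (Throwable $e) {
    // Keep details in the server log; show the visitor a generic message.
    error_log('DB connection failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Service temporarily unavailable.');
}

// $dbc is an ordinary mysqli handle, so prepared statements start from it.
$stmt = $dbc->prepare('SELECT DATABASE()');
$stmt->execute();
$stmt->bind_result($currentDb);
$stmt->fetch();
$stmt->close();
```

The config file should be readable only by the account the web server runs as, and kept out of version control.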

Related

PHP - Selecting database from MySQL doesn't work

I have read a lot about this but it still doesn't work.
I'm just trying to select a database to create a new table in, I try:
$db = mysqli_select_db("test");
if(!$db) {
echo "error: " . mysqli_error($db);
}
But I still get an error (and mysqli_error($db) doesn't seem to work).
Of course I have already connected to it:
$con=mysqli_connect("localhost", "administrator", "****");
On phpMyAdmin I have these databases:
Why can't I select "test" ?
And creating a database doesn't work because I don't have the rights, as you can see.
The procedural signature of this function is:
bool mysqli_select_db ( mysqli $link , string $dbname )
So you will have to provide the resource you got back from the mysqli_connect() to make it work. Something like this:
$con = mysqli_connect("localhost", "administrator", "****");
$success = mysqli_select_db($con, "test");
Alternatively you could specify the database on the connect call with a 4th argument:
$con = mysqli_connect("localhost", "administrator", "***", "test");
See the examples on mysqli_connect().
mysqli_select_db function requires two parameters link and dbname. Please refer to the documentation:
http://php.net/manual/en/mysqli.select-db.php
You are only passing link and no database name in your call:
$db = mysqli_select_db("test");

how to work with if define('DB_HOST','localhost')

In the past I have used something like:
$con = mysql_connect("localhost", "root", "root") or
die("Could not connect: " . mysql_error());
mysql_select_db("xxx");
But now, I've noticed everybody started using something like this:
if (!defined('DB_HOST')) define('DB_HOST','localhost');
if (!defined('DB_USER')) define('DB_USER','root');
if (!defined('DB_PASS')) define('DB_PASS','root');
if (!defined('DB_NAME')) define('DB_NAME','xxx');
What's different about their usage? For example echoing, filtering..
Thanks for help
Well, none of them are wrong, it's your choice. I think the second alternative is more like a good practice. But my statement is valid only if you define it in one file and require_once in the others. Example:
db_config.php:
if (!defined('DB_HOST')) define('DB_HOST','localhost');
if (!defined('DB_USER')) define('DB_USER','root');
if (!defined('DB_PASS')) define('DB_PASS','root');
if (!defined('DB_NAME')) define('DB_NAME','xxx');
query.php:
require_once 'db_config.php';
$con = mysql_connect(DB_HOST, DB_USER, DB_PASS) or
die("Could not connect: " . mysql_error());
mysql_select_db("xxx");
But why? Imagine that you want to change your database name, user or password. If you have code mysql_connect("localhost", "root", "root") every time you needed it, a change of plans will make you go through a lot of re-coding. But if you define them in one place as the second alternative does, you won't have to rewrite a lot of files.
If you have connections in more than one place (poor design), with constants you would have one place where you can edit the connection configuration without needing to go through all the code and find all the places where you opened connections.
So your connection code would look like:
$con = mysql_connect(DB_HOST, DB_USER, DB_PASS) or
die("Could not connect: " . mysql_error());
mysql_select_db(DB_NAME);

Unable to connect to database: Access denied for user ''@'localhost' to database 'socialdb'

I've seen a few errors like this, but I found no answer.
Unable to connect to database: Access denied for user ''@'localhost' to database 'socialdb'
socialdb is my database. The "Unable to connect to database:" part is located here.
$db = mysql_select_db("socialdb",$con);
if(!$db) {
die ('Unable to connect to database: ' . mysql_error());
}
I don't know what's causing this. Here are my mysql_connect details
<?php
$con = mysql_connect("localhost");
if(!$con) {
die ('Error: ' . mysql_error());
}
I need to find the root. Thanks.
I DON'T HAVE A USERNAME OR PASSWORD FOR MySQL
Should it be this?
mysql_connect("localhost","","");
The error is pretty self-explanatory, you're not allowed to connect without specifying some credentials.
Change your call to mysql_connect() to something like this:
mysql_connect("localhost", "user", "password");
Your default credentials are most likely:
$con = mysql_connect("localhost","root","");
You're missing the username and password parameters; it should be:
$con = mysql_connect("localhost","username","password");
You did not specify a user in either mysql_connect or your PHP configuration.
Either set mysql.default_user and mysql.default_password in your PHP configuration or use the appropriate arguments for mysql_connect.
mysql_connect takes 3 parameters
$con = mysql_connect("localhost", "dbuser", "password");
Even if you don't have a user, there exists a 'root' user,
so use it:
$con = mysql_connect('localhost','root','');

php define constant - scope of use?

Not wanting this question to be too long, I will skip to an example:
If I have 2 files: paper.php and rock.php, and they contain the following:
paper.php:
include('rock.php');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Couldn't make connection.");
$db = mysql_select_db(DB_NAME, $link) or die("Couldn't select database");
and rock.php:
define ("DB_HOST", "localhost");
define ("DB_USER", "foo");
define ("DB_PASS","bar");
define ("DB_NAME","fooDBar");
Eventually, will the user viewing my paper.php file be connected to the DB or not?
Not wanting the answer to be too long:
Yes.
Yes, you define all the appropriate variables in rock.php and are including rock.php, then they will be defined for the whole program execution, including where you do a mysql_connect().

PHP Data Base Connection help with mysql

I am new to PHP and want to know the code for a PHP MySQL database connection.
Refer to the PHP documentation for mysql_connect.
<?php
$link = mysql_connect('localhost', 'mysql_user', 'mysql_password');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_close($link);
Here is the bare bone of it:
$db1 = mysql_connect( ... );
mysql_select_db('existing_db',$db1);
$db2 = mysql_connect( ... );
mysql_select_db('not_existing_db', $db2);
mysql_query(... , $db2);
More Info:
http://php.net/manual/en/function.mysql-connect.php
MySQL PHP Connect Tutorial
A Detailed Tutorial:
http://www.phpf1.com/tutorial/php-mysql-tutorial.html?page=1
<?php
mysql_connect("localhost", "username", "password") or die(mysql_error());
echo "Connection to the server was successful!<br/>";
mysql_select_db("test") or die(mysql_error());
echo "Database was selected!<br/>";
?>
Also look at mysqli; it's the "new way" of connecting to MySQL:
http://php.net/manual/en/book.mysqli.php
It has more functions, and there are rumors that in PHP 6 mysql will be deprecated in favor of the mysqli implementation.
You can use it as an object (but if you're also new to OO it may be a little more difficult to understand), like this:
//--connection to the database--
$db=mysqli_connect('sql.mysqlhost.com','database_username','password','database_name');//you can also use $db=new mysqli(....) but mysqli_connect does the same thing and it's clearer about what it's doing
//--a simple query--
if($result=$db->query('SELECT name,value FROM mytable')){//query ok
echo 'Select returned ',$result->num_rows,'rows<br/>';
while($row=$result->fetch_assoc()){//get one row in an assoc.array
echo 'Name:',$row['name'],' Value:',$row['value'],'<br/>';//print each row
}
$result->close();
}
else//query error
die('MYSQL ERROR:'.$db->error);
Or with functions, like in mysql:
//--connection to the database--
$db=mysqli_connect('sql.mysqlhost.com','database_username','password','database_name');
//--a simple query--
if($result=mysqli_query($db,'SELECT name,value FROM mytable')){//query ok
echo 'Select returned ',mysqli_num_rows($result),'rows<br/>';
while($row=mysqli_fetch_assoc($result)){//get one row in an assoc.array
echo 'Name:',$row['name'],' Value:',$row['value'],'<br/>';//print each row
}
mysqli_free_result($result);
}
else//query error
die('MYSQL ERROR:'.mysqli_error($db));
You can also use a persistent mysql connection by prepending 'p:' to the sql host, for example if your host is sql.myhost.com:
$db=mysqli_connect('p:sql.mysqlhost.com','database_username','password','database_name');
Using a persistent connection should give you a great performance boost and mysqli should handle the persistent connection a lot better than the normal mysql extension.
Remember to sanitize the input of your query to avoid SQL injection; you can do it like this:
$result=mysqli_query($db,"SELECT name,value FROM mytable where name='".mysqli_real_escape_string($db,$input_name)."'");
Or use a prepared statement, which is a little more complicated and is better only if you repeat the same command multiple times, only changing the input data.
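The prepared-statement form of that lookup, as an added example that is not part of the original answer. It reuses the answer's placeholder connection values and its mytable(name, value) table; the find_by_name() helper and the sample inputs are assumptions.

```php
<?php
// Added example. Connection values are the placeholders from the answer above.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = mysqli_connect('sql.mysqlhost.com', 'database_username', 'password', 'database_name');

/** Return all rows of mytable whose name equals $inputName. */
function find_by_name(mysqli $db, string $inputName): array
{
    // The SQL text is fixed; the value travels separately as a bound parameter,
    // so quotes inside $inputName are data and never part of the statement.
    $stmt = $db->prepare('SELECT name, value FROM mytable WHERE name = ?');
    $stmt->bind_param('s', $inputName);
    $stmt->execute();
    $stmt->bind_result($name, $value);
    $rows = [];
    while ($stmt->fetch()) {
        $rows[] = ['name' => $name, 'value' => $value];
    }
    $stmt->close();
    return $rows;
}

// Constructed inputs: an ordinary name and one containing a quote character.
foreach (["widget", "O'Brien"] as $inputName) {
    $rows = find_by_name($db, $inputName);
    echo 'Select returned ', count($rows), " rows<br/>\n";
    foreach ($rows as $row) {
        // Escape on output too: stored values may contain HTML.
        echo 'Name: ', htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'),
             ' Value: ', htmlspecialchars((string) $row['value'], ENT_QUOTES, 'UTF-8'),
             "<br/>\n";
    }
}
```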
