How to make mysql_connect more secure

purpleI

Hi all,

My first post!! Apologies in advance....

I am going to use the code below:

$link = mysql_connect('localhost', 'username', 'password');
if (!$link) {
    		die('Could not connect: ' . mysql_error());
			}
echo 'Connected successfully';
mysql_close($link);

The password and username are therefore hardcoded into the page. Is this the most secure way of connected MySQL??

Also, i assume there is an easier way of connecting to MySQL on each page other than adding the code (include function....any help?)

Thanks in advance

HalfaBee

I normally put similar code to that in a file below the htdocs (or whatever your public html dir is called) dir, and then include the file when needed.
If you use the same DB all the time you can add mysql_select_db() as well.
You probably don't want to close it in the same file. 😉

purpleI

Thanks HalfaBee

Will start to use mysql_select_db().

So, why don't i want to close the Db link in the same file? I would normally close the link directly after all Db querying has finished - is this bad practice?

HalfaBee

If you close the link at the start, it is not available in the rest of the script.
Closing after the queries is a good idea.

bradgrafelman

Also note that closing the connection isn't required either - it's automatically done after the script has finished executing. If you want to immediately free up the connection, though, I suppose it's a good practice to get into.

As stated, you could make a "db.php" include file (consisting basically of the code you posted above) and place it outside the root of your website and simply [man]include/man that script on any page that uses a database connection.