Is it safe to put database info in my page header?



LJackson
03-05-2009, 03:23 PM
Hi All,

I have this code in my header

if (isset($_POST['submit'])) {
    // Check that the session code exists before comparing it with the submitted one
    if (!empty($_SESSION['security_code']) && isset($_POST['security_code'])
        && $_SESSION['security_code'] == $_POST['security_code']) {
        // Insert your code for processing the form here, e.g. emailing the submission, entering it into a database.
        // mysql_query() sends only one statement per call, so the four resets are combined into a single UPDATE
        $sql_temp = "
            UPDATE ratings
            SET used_ips = 'NULL', total_value = '0', total_votes = '0'
            WHERE id IN ('valuetemp', 'easeofusetemp', 'deliverytemp', 'delchargetemp')";
        $query_temp = mysql_query($sql_temp);

        echo 'Your vote has been counted! Thank you for voting';
        unset($_SESSION['security_code']);
    } else {
        // Insert your code for showing an error message here
        echo 'Sorry, you have provided an invalid security code';
    }
}


But when I submit my form the above queries don't run and produce an error because it can't connect to the database, so my question is: can I put


$user_name = "*******";
$password = "***********";
$database = "**********";
$server = "************";

$db_handle = mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database, $db_handle);

if ($db_found) {


in the header? Or can I move the first piece of code into the body?

Here (http://www.kernow-connect.com/teststores.php?Cat=ent&sID=Game) is my page

Any help welcomed :)

cheers
Luke

masterofollies
03-05-2009, 03:43 PM
Your DB connection should either be in an include file, or at the very top of your page after <?php or after session_start. As long as it's a php file they can't read the source and get your info.
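
One way to build the include file described above, as an added example that is not code from this thread: the credentials sit in a file outside the web root, so they are not served as text if PHP handling fails or the file is not named .php. The function names, file names and directory layout are assumptions, PDO is used in place of the mysql_* calls, and the demo uses in-memory SQLite as a stand-in for the MySQL server.

```php
<?php
// db.php: added example, not code from this thread. require_once it at the top
// of the page, after session_start(). Function names and paths are assumptions.

// Reject a credentials file inside the web root: if the server ever stops
// running it through PHP, it would be sent to the browser as plain text.
function load_db_config(string $path, string $docRoot): array
{
    $real = realpath($path);
    $root = realpath($docRoot);
    if ($real === false || $root === false) {
        throw new RuntimeException('config or web root path not found');
    }
    if (strpos($real, $root . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('config file must live outside the web root');
    }
    return require $real;   // the file itself does: return ['dsn' => ..., ...];
}

function db_connect(array $cfg): PDO
{
    try {
        return new PDO($cfg['dsn'], $cfg['user'], $cfg['pass'],
            [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    } catch (PDOException $e) {
        // Log detail server-side only; the message can name the host and user.
        error_log('DB connect failed: ' . $e->getMessage());
        throw new RuntimeException('Database unavailable');
    }
}

// Constructed demo (CLI only): temp directories stand in for the web root and
// a private directory, and in-memory SQLite stands in for the MySQL DSN.
if (PHP_SAPI === 'cli' && realpath($argv[0] ?? '') === __FILE__) {
    $base = sys_get_temp_dir() . '/dbcfg_demo_' . getmypid();
    mkdir("$base/public_html", 0700, true);
    mkdir("$base/private", 0700, true);
    $src = "<?php return ['dsn' => 'sqlite::memory:', 'user' => null, 'pass' => null];";
    file_put_contents("$base/private/db_config.php", $src);
    file_put_contents("$base/public_html/db_config.php", $src);

    $db = db_connect(load_db_config("$base/private/db_config.php", "$base/public_html"));
    echo "outside web root: connected\n";
    try {
        load_db_config("$base/public_html/db_config.php", "$base/public_html");
    } catch (RuntimeException $e) {
        echo 'inside web root: ', $e->getMessage(), "\n";
    }
}
```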

LJackson
03-05-2009, 03:45 PM
Hi masterofollies,

Thanks for the confirmation, just wanted to be sure :)

cheers
Luke

masterofollies
03-05-2009, 04:24 PM
Welcome


