CodingForums.com - View Single Post

lexjoshua · 08-25-2010, 03:14 AM

Good day to all,

First my purpose is to share my database connection to someone (other server) but I want to restrict them from modifying it. It is just for viewing data not for modifying.

Code:

/*this is my php file that I wanted to share wherein the database connection can be found.
it's name for example is conn.php*/

mysql_connect('localhost,root,rootpassword');
mysql_select_db('db_database');

Now that I have my conn.php containing the sensitive part of my database including a password. This is the php file from another server that I want to share my conn.php to.

Code:

/*this is my php file from another server that will use my conn.php.
it's name for example is client.php*/

include 'http://www.mysite.com/conn.php';

$viewrecord = mysql_query("select * from record where id = 'myname'");

while ($result = mysql_fetch_array($viewrecord))
{
   echo $result['name'];
}

Now, we have settled the connection, and the client can view now the record from table record.
What I'm afraid of is, What if the client.php did something like:

Code:

include 'http://www.mysite.com/conn.php';

$name = "I will";
$age = "destroy the hell";
$address = "out of your database hahaha";

mysql_query("update record (name,age,address) values ('$name','$age','$address') where id = 'myname'");

Man that will be the worse day of my database if he did something like that, please advice me of some of security techniques.

Thanks!

08-25-2010, 03:14 AM	PM User \| #1
lexjoshua New Coder Join Date: Aug 2010 Location: Philippines Posts: 15 Thanks: 6 Thanked 0 Times in 0 Posts	Help on security! Good day to all, First my purpose is to share my database connection to someone (other server) but I want to restrict them from modifying it. It is just for viewing data not for modifying. Code: /this is my php file that I wanted to share wherein the database connection can be found. it's name for example is conn.php/ mysql_connect('localhost,root,rootpassword'); mysql_select_db('db_database'); Now that I have my conn.php containing the sensitive part of my database including a password. This is the php file from another server that I want to share my conn.php to. Code: /this is my php file from another server that will use my conn.php. it's name for example is client.php/ include 'http://www.mysite.com/conn.php'; $viewrecord = mysql_query("select * from record where id = 'myname'"); while ($result = mysql_fetch_array($viewrecord)) { echo $result['name']; } Now, we have settled the connection, and the client can view now the record from table record. What I'm afraid of is, What if the client.php did something like: Code: include 'http://www.mysite.com/conn.php'; $name = "I will"; $age = "destroy the hell"; $address = "out of your database hahaha"; mysql_query("update record (name,age,address) values ('$name','$age','$address') where id = 'myname'"); Man that will be the worse day of my database if he did something like that, please advice me of some of security techniques. Thanks!