Good day to all,
First my purpose is to share my database connection to someone (other server) but I want to restrict them from modifying it. It is just for viewing data not for modifying.
Code:
/*this is my php file that I wanted to share wherein the database connection can be found.
it's name for example is conn.php*/
mysql_connect('localhost,root,rootpassword');
mysql_select_db('db_database');
Now that I have my conn.php containing the sensitive part of my database including a password. This is the php file from another server that I want to share my conn.php to.
Code:
/*this is my php file from another server that will use my conn.php.
it's name for example is client.php*/
include 'http://www.mysite.com/conn.php';
$viewrecord = mysql_query("select * from record where id = 'myname'");
while ($result = mysql_fetch_array($viewrecord))
{
echo $result['name'];
}
Now, we have settled the connection, and the client can view now the record from table record.
What I'm afraid of is, What if the client.php did something like:
Code:
include 'http://www.mysite.com/conn.php';
$name = "I will";
$age = "destroy the hell";
$address = "out of your database hahaha";
mysql_query("update record (name,age,address) values ('$name','$age','$address') where id = 'myname'");
Man that will be the worse day of my database if he did something like that, please advice me of some of security techniques.
Thanks!
Before you post, read our: 
Help on security!
