0

So when I try to verify login username and password, would I want to attempt to connect to the database using those login information? or using the root/administrator/super-user username and password?

I heard doing the latter may result in holes in security but I'm not sure how else to verify the login information unless mysqli_connect provides an error code when the database connection cannot be established due to invalid username/password fields...

Improve this question
1
  • Is the username/password combination you're trying to verify a login for the database, or a login for some web application you're writing which merely uses the database to store passwords? Commented Jun 28, 2013 at 21:09

2 Answers 2

Reset to default
1

You should be using whatever username and password you've configured database access for, using CREATE USER and GRANT commands in the database management system. It's unlikely that every application user has their own account in the database system as well. Your database administrator should be able to tell you the appropriate user and password for your application. (If you're the DBA, I think you need to bone up...)

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Don't use an mysqli_connect, use a PDO connection to connect to your database and store it in a folder with a htaccess file that blocks anyone getting access to it. Something like the below should do it:

<?php
try {
$pdo = new PDO('mysql:host=188.121.44.140;dbname=yourdatabasename', 'yourdatabasename', 'yourpassword');
} catch (PDOException $e) {
    exit('Database error.');
}
?>
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.