Connect to Database

Updated Way of Doing Things

Sorry for the confusion; But, before you read this post starting with the section titled Background please heed the advice I’m about to tell you. If you want your scripts to be snappier and less prone to failure it is good to only make a connection to the database when it is necessary. Up until now I’ve just been connecting to the database at the top of each script and every time the script is executed. Remember a script can be a multistage form script where not every stage will require a database connection.

So, what do I want us to do from now on? Well I’ll outline it here:

  • Every time database access is needed you should do this.
  • Detect whether or not a database connection already exists.
  • Establish a connection if one does not exist.

Well, guess what? I have good news. This is what the PHP documentation for mysql_connect says:

Opens or reuses a connection to a MySQL server.

So, what do I want us to do?

Connect using the advice found on the rest of this page; However, do it only where a connection is needed. As a matter of fact you can connect even if you connected earlier in the script. Just connect at each point in the code where you need a connection.

Background

Every statement in your script which accesses the database will need a connection to the database. On my site I use an include file to accomplish this.

Since I don’t want some hacker to establish a connection to my database by somehow including my database connection file I use a ping-pong variable. This variable will be set before the connection file is included.

For security reasons I have altered sensitive information in my examples. The code on this page is not the exact code I use.

To set the ping-pong variable the following statement must execute before the connection file is included.

$pingPong = "string for it!";

 

The include:

$docRoot = $_SERVER["DOCUMENT_ROOT"];
require_once('$docRoot/web/includes/accessMyDb.php');

Note:

I have at least one separate post just about securing a script file. Please read that; But, if you can’t find it at least read the following paragraph to get some idea what the issues are.

For security you should name the connection file with a .php extension so that if a user loads it directly into their browser he/she won’t get the text of the file. Additionally, disable the web server’s directory indexing so the user won’t know the name of the connection file. In other words we don’t want the user to be able to get a directory listing of the include directory. Also, set up .htaccess to require a password to access the include directory through http.

Connection file:

<?php
// This script will connect to the database using the parameters
// specified in the variables below. If connecting or selecting
// fail an error message will be printed.

if (!isSet($pingPong)) {
  $pingPong = "";
}

if ($pingPong != "the ping-pong string.#*^3") {
  exit('<h2>You can not access this file!</h2>');
}

$hostname = "mysql.domain-name.com";
$user = "mainRoot_alex";
$password = "onlyiknowit";
$database = "mainRoot_DB_NAME";

if (!($link=mysql_connect($hostname, $user, $password))) {
  echo "Your PHP script says: Error connecting to database on the host.";
}
if (!mysql_select_db($database, $link)) {
  echo "Your PHP script says: Error selecting database on the host.";
}

?>
Advertisements

About samehramzylabib

See About on https://samehramzylabib.wordpress.com
This entry was posted in Coding, Database and tagged , , , , , , , . Bookmark the permalink.

Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s