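I am creating a database configuration file for my project, but I'm not sure whether my config.php is secure.
How can I modify this script to get a secure connection?
config.php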
<?php
$username="root";
$password="";
$host="localhost";
$database="practise";
?>
index.php
<?php
include 'config.php';
$con=mysql_connect("$host","$username","$password") or die("Server Error");
mysql_select_db("$database") or die("Database error");
if($con==true)
{
echo "Success";
}
else
{
mysql_close($con);
}
?>
Answer 0 (score: 8)
1) Create a config.php
<?php
define('DBUSER','username');
define('DBPWD','password');
define('DBHOST','localhost');
define('DBNAME','database name');
2)db.php
<?php
include('config.php');
class db extends mysqli {
// single instance of self shared among all instances
private static $instance = null;
// db connection config vars
private $user = DBUSER;
private $pass = DBPWD;
private $dbName = DBNAME;
private $dbHost = DBHOST;
//This method must be static, and must return an instance of the object if the object
//does not already exist.
public static function getInstance() {
if (!self::$instance instanceof self) {
self::$instance = new self;
}
return self::$instance;
}
// The clone and wakeup methods prevents external instantiation of copies of the Singleton class,
// thus eliminating the possibility of duplicate objects.
public function __clone() {
trigger_error('Clone is not allowed.', E_USER_ERROR);
}
public function __wakeup() {
trigger_error('Deserializing is not allowed.', E_USER_ERROR);
}
private function __construct() {
parent::__construct($this->dbHost, $this->user, $this->pass, $this->dbName);
if (mysqli_connect_error()) {
exit('Connect Error (' . mysqli_connect_errno() . ') '
. mysqli_connect_error());
}
// MySQL charset names have no hyphen; 'utf-8' is rejected, utf8mb4 is full UTF-8
parent::set_charset('utf8mb4');
}
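public function dbquery($query)
{
if($this->query($query))
{
return true;
}
// query() returned false: report the failure instead of returning null
return false;
}
public function get_result($query)
{
$result = $this->query($query);
// guard against a failed query before reading num_rows
if ($result instanceof mysqli_result && $result->num_rows > 0){
$row = $result->fetch_assoc();
return $row;
} else
return null;
}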
}
?>
3) Usage
require 'db.php';
$query="select * from tbl_session";
$sockets = db::getInstance()->get_result($query);
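or any other query
// escape $val before concatenating it into the SQL string
$val = db::getInstance()->real_escape_string($val);
$query="insert into `tbl_chats` (coloum_name) values('".$val."')";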
$wisherID = db::getInstance()->dbquery($query);
Answer 1 (score: 3)
I prefer to use constants rather than variables for configuration options, for three reasons:
global keyword. Example:
<?php
const DB_HOST = 'localhost';
const DB_USER = 'user123';
const DB_PASS = '';
const DB_NAME = 'test';
Index:
<?php
require_once 'config.php';
$link = new MySQLi(DB_HOST, DB_USER, DB_PASS, DB_NAME);
Answer 2 (score: 2)
I found the best way to create a config.php file for my project
index.php
<?php
include 'config.php';
try
{
$host=$config['DB_HOST'];
$dbname=$config['DB_DATABASE'];
$conn= new PDO("mysql:host=$host;dbname=$dbname",$config['DB_USERNAME'],$config['DB_PASSWORD']);
//new PDO("mysql:host=$hostname;dbname=mysql", $username, $password);
}
catch(PDOException $e)
{
echo "Error:".$e->getMessage();
}
?>
config.php
<?php
$config=array(
'DB_HOST'=>'localhost',
'DB_USERNAME'=>'root',
'DB_PASSWORD'=>'',
'DB_DATABASE'=>'gobinath'
);
?>
Answer 3 (score: 0)
This is the correct way for my config.php
<?php
include 'config.php';
try
{
$host=$config['DB_HOST'];
$dbname=$config['DB_DATABASE'];
$conn= new PDO("mysql:host=$host;dbname=$dbname",$config['DB_USERNAME'],$config['DB_PASSWORD']);
//new PDO("mysql:host=$hostname;dbname=mysql", $username, $password);
}
catch(PDOException $e)
{
echo "Error:".$e->getMessage();
}
?>
config.php
<?php
$config=array(
'DB_HOST'=>'localhost',
'DB_USERNAME'=>'root',
'DB_PASSWORD'=>'',
'DB_DATABASE'=>'gobinath'
);
?>
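A hardened variant of the config/connection pattern used in the answers above, as an added example that is not taken from any of the answers. It assumes the credentials are supplied through environment variables named DB_HOST, DB_DATABASE, DB_USERNAME and DB_PASSWORD (names chosen here), and reuses the tbl_chats table from Answer 0 with a constructed input value.

```php
<?php
// Added example, not from the original answers.
// Assumption: credentials come from environment variables set outside the web root.

/** Read DB settings from the environment instead of hard-coding them in config.php. */
function load_db_config(): array
{
    $config = [
        'host' => getenv('DB_HOST') ?: 'localhost',
        'name' => getenv('DB_DATABASE') ?: 'practise',
        'user' => getenv('DB_USERNAME') ?: '',
        'pass' => getenv('DB_PASSWORD') ?: '',
    ];
    // Example policy: refuse the root / empty-password setup shown in the snippets above.
    if ($config['user'] === '' || $config['user'] === 'root' || $config['pass'] === '') {
        throw new RuntimeException('Set DB_USERNAME (not root) and a non-empty DB_PASSWORD.');
    }
    return $config;
}

/** Open a PDO connection with exceptions on and real (server-side) prepared statements. */
function connect(array $c): PDO
{
    $dsn = "mysql:host={$c['host']};dbname={$c['name']};charset=utf8mb4";
    return new PDO($dsn, $c['user'], $c['pass'], [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

try {
    $conn = connect(load_db_config());
    $val  = "O'Brien"; // constructed input containing a quote character
    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $conn->prepare('INSERT INTO tbl_chats (coloum_name) VALUES (?)');
    $stmt->execute([$val]);
    echo "Success";
} catch (Throwable $e) {
    // Full detail goes to the server log; the client sees only a generic message.
    error_log('Database error: ' . $e->getMessage());
    http_response_code(500);
    exit('Database error');
}
```

Run without the variables set or without a reachable MySQL server, the script takes the catch branch and prints only the generic message, while the driver's detail is written to the error log.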