Secure connection to the database


Viewed 922 times

0

I was told that this connection mode is not safe, but I did not understand very well why it is not.

<?php
$conecta = mysql_connect("HOST", "LOGIN", "SENHA") or print (mysql_error()); 
print "Conexão OK!"; 
mysql_close($conecta); 
?>

And what would be the fix to make a secure connection?

  • 1

    It depends on what you call a secure connection. Secure in what sense?

2 answers

1


Because the methods mysql_* were deprecated in version 5.5.0 and removed in version 7.0.0.

It is recommended to use PDO or mysqli.

Below is an example of the use with PDO

$pdo = new PDO("mysql:host=localhost;dbname=basededados;charset=utf8", "usuario", "senha");

Another simple one using Mysqli

$mysqli = new mysqli("localhost", "user","password","database");

Which one should you choose? PDO or Mysqli? See this summary taken from the site tutsplus

enter image description here

Learn more about connection methods.

  • 1

    I don’t like these tables, because they were made to fool the reader. "Statements prepared on the client side" is a disadvantage. mysqli has "Server-side prepared statements," which is the only true way to do this. Named parameters and client-side prepared statements are string concatenations only, masking the PDO limitation. They fixed this recently by adding a PDO option to do real binding, but almost nobody uses it, because it comes turned off.

  • Correct. I thought about removing the comparison from the official website, but I left the link for him to see. Although little in this table makes sense, it gives a path to those who do not understand. I left it anyway so that he could identify the "not coherent" difference between the two. Well observed.

  • 1

    It is a pity that this is just the page the staff did not translate on the official website. Anyway, I left a comment on the question; maybe the author will explain better what he calls "safe". In terms of "data security", all the mentioned connections are similar. No encryption or authentication by default. As for safety in the use of functions, all allow sanitization. The major problem of the mysql_ functions is obsolescence, and not so much safety. mysql_ already had an escape function, and if the people who didn’t use it still don’t use it (and don’t use binding), they’re still vulnerable with the new ones.

  • (has authentication in the sense of user and password, I meant in the sense of signing the connection somehow)

  • 1

    The fact is that both are "safe" in the terms you quoted: "No encryption or authentication by default." So I think the real problem is in the query and not in the function.
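The points raised in the answer and its comments (server-side prepared statements, no encryption by default, and the query being the real risk) can be combined in one PDO setup. This is an added example, not code from the question or the answers; the environment variable names, the CA bundle path, the `utf8mb4` charset and the `usuarios` table with its columns are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical settings: the environment variable names and the CA bundle
// path are assumptions for this example, not values from the page.
function connectSecure(): PDO
{
    $dsn = sprintf(
        'mysql:host=%s;dbname=%s;charset=utf8mb4',
        getenv('DB_HOST') ?: 'localhost',
        getenv('DB_NAME') ?: 'basededados'
    );
    $options = [
        // Throw PDOException instead of failing silently.
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        // Use server-side prepared statements, not client-side emulation.
        PDO::ATTR_EMULATE_PREPARES => false,
        // Encrypt the connection and verify the server certificate.
        PDO::MYSQL_ATTR_SSL_CA => getenv('DB_SSL_CA') ?: '/etc/ssl/certs/mysql-ca.pem',
        PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => true,
    ];
    return new PDO($dsn, getenv('DB_USER') ?: '', getenv('DB_PASS') ?: '', $options);
}

// Hypothetical table and columns (usuarios.id, usuarios.email).
function findUserByEmail(PDO $pdo, string $email): ?array
{
    // The value is sent separately from the SQL text, so it is never parsed as SQL.
    $stmt = $pdo->prepare('SELECT id, email FROM usuarios WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

try {
    $pdo = connectSecure();
    // Constructed input: the embedded quote is stored and compared as plain data.
    $user = findUserByEmail($pdo, "o'brien@example.com");
    echo $user === null ? "No such user\n" : "Found user {$user['id']}\n";
} catch (PDOException $e) {
    // Log the detail server-side; do not print driver errors to the client
    // the way the mysql_error() call in the question does.
    error_log('DB error: ' . $e->getMessage());
    echo "Database unavailable\n";
}
```

Credentials come from the environment rather than the source file, so they do not end up in version control alongside the connection code.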
