NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > MySQL Discussion> 2009-q1

how to sanitize mysql_connect?

From: PJ (af.gourmetvideotron.ca)
Date: Wed Mar 04 2009 - 14:12:53 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I hope this is the right list as it concerns mysql and php ???
I just realized that an open connection is necessary to
usemysql_real_escape_string...So how do you sanitize an include page
used to open a connection
This is the page
// db1.php
// SQL login parameters for local environment
$local_dbhost = "localhost"; // normally "localhost"
$local_dbuser = "xxxx"; // your local database user name
$local_dbpass = "xxxx"; // your local database password
$local_dbname = "xxxx"; // your local database name

// SQL remote parameters for remote environment (ex: nomonthlyfees)
$remote_dbhost = "localhost"; // normally "localhost"
$remote_dbuser = "xxxx"; // your remote database user name
$remote_dbpass = "xxxx"; // your remote database password
$remote_dbname = "xxxx"; // your remote database name

// Local server address
$LOCAL_SERVER = "127.0.0.1";

// CONNECT to DATABASE
if ($_SERVER["REMOTE_ADDR"] == $LOCAL_SERVER) {
    $dbhost = $local_dbhost;
    $dbuser = $local_dbuser;
    $dbpass = $local_dbpass;
    $dbname = $local_dbname;
}
else {
    $dbhost = $remote_dbhost;
    $dbuser = $remote_dbuser;
    $dbpass = $remote_dbpass;
    $dbname = $remote_dbname;
}

$db = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname,$db);

echo $dbname;
echo " ";
echo $dbhost;
echo $dbuser;
echo $dbpass;

if (!$db) {
 echo( "Unable to connect to the " .
 "database server at this time." );
 exit();
 }

// Select the database
if (! mysql_select_db("biblane") ) {
 echo( "Unable to locate the biblane " .
 "database at this time." );
 exit();
 }
?>

--
unheralded genius: "A clean desk is the sign of a dull mind. "
-------------------------------------------------------------
Phil Jourdan --- pjptahhotep.com
http://www.ptahhotep.com
http://www.chiccantine.com/andypantry.php

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]