Grow your CSS skills. Land your dream job.

Connecting to database from another website secure?

  • # July 16, 2012 at 10:33 pm

    Okay so this is kind of a big question, so bare with me.
    Basically what I want to achieve is to have another website connect to my database on a small app that I have provided them, without them knowing my database credentials.
    Say I’m creating a comment system (I’m not, this would not be the way to go) and I would store every comment in my database. I would give them a code that will display comments from my database, without them getting access whatsoever to my database credentials – host, username and password.

    How would I go about doing this? Is a simple php include() going to do the trick or do I need to go into other methods. I see comment installment is typically done with a Javascript file linked or sourced to the page it should be inserted into.

    Please give me a sample code of this code being given to another server without them getting into the code itself, or not getting into the database connection atleast.

    < ?php
    $connect = mysql_connect("host", "username", "password");
    $selectdb = mysql_select_db("d_b");
    $string = mysql_escape_string($_REQUEST);
    $query = mysql_query("SELECT * FROM table WHERE detail = '$string'");
    while ($row = mysql_fetch_assoc($query){
    $something= $row;
    }
    echo($something);
    ?>

    Thank you.
    - Schart

    # July 17, 2012 at 4:42 am

    Give the include a try, that’s how I would roll. Is there a particular reason this is a concern?

    # July 17, 2012 at 12:48 pm

    Some servers have limitations on including files on other servers, for security reasons. So you’ll have to test that. You can create additional MySQL users that you give read only access.

    You could do it where you have a page that includes another page returning the information and let other sites link to that with an iFrame, like how facebook does it.

    http://www.yoursite.com/comments?user=username:


    < ?php
    $user = $_GET;
    if (verifyusercode($user)){
    include(schartsfile.php);
    }
    ?>
    # July 17, 2012 at 12:54 pm

    Yes iFrame would be a great option. Thank’s. Yeah include doesn’t work on my servers because of security.

    # September 3, 2012 at 3:55 pm

    honestly, even if your host did allow you to include remote files, it’s a Terrible Horrible No Good Very Bad idea. unless you have _complete_ control over both servers (and even then sometimes), it’s a huge security risk. that’s why people disable it.

    # July 17, 2013 at 12:29 pm

    Please, anyone here to help me correct this code, it was telling me that could not connect to database.
    My site is flashysky.com
    database name : is flashysky

    please help me to correct it and send it to my email jimohwareez@gmail.com

    I will really appreciate if you can help me out.

    Thanks.

    < ?php
    $mysql_hostname = “flasycom_flashysky”;
    $mysql_user = “flasycom@localhost”;
    $mysql_password = “household”;
    $mysql_database = “flasycom_flashysky”;
    $prefix = “”;
    $bd = mysql_connect($mysql_hostname, $mysql_user, $mysql_password) or die(“Could not connect database”);
    mysql_select_db($mysql_database, $bd) or die(“Could not select database”);

    ?>

    # July 17, 2013 at 9:41 pm

    two things:

    1)
    ##### NEVER POST SENSITIVE INFORMATION ONLINE.

    You need to edit your post and remove your hostname, username, and password.

    After that, you should change your username and (at the _very least_) your password.

    (you might also wish to remove your email address, lest you get flooded with spam.)

    2)

    You should start a new discussion for your question, instead of commenting in schart’s discussion.

Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.

*May or may not contain any actual "CSS" or "Tricks".