user3123109 user3123109 - 1 year ago 43
SQL Question

Accessing a database initially to query user data

Probably a database and programming 101 question, but the few books I have read so far don't really explicitly touch on the subject.

When a user goes to a website and they need to login, there needs to be some user specified on the back-end somewhere that allows them to submit a query to the database to verify their information, correct?

The few books I have read on PHP and MySQL go into detail about verifying and setting up user verification, but they tend to have the username and password hardcoded into a separate file and then other files inherit it. This seems like a really bad idea.

They do eventually get into passing this information in with a variable that is assigned from the database query. But what they don't seem to say is that an initially user account needs to be setup that allows that query to happen. So it seems there should be a username and password hardcoded somewhere to make this initial query possible. Is this correct that there should be a username and password stored in a PHP file that is inherited for logging in purposes and then is replaced by the actual user info when they login successfully? If so, what permissions should that account have? Just


I also ask because in poking around my company's website and looking at the PHP config file, there is a username and password hardcoded in it.

Answer Source

All communication between in your case PHP and the database MYSQL is done by the same user, the user that is hard coded in a php file. like this:

$servername = "localhost";
$username = "username";
$password = "password";

// Create connection
$conn = new mysqli($servername, $username, $password);

// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
echo "Connected successfully";

This is pretty secure because this file can only be accessed from within the server if you set the file permissions right (444 = read-only on Linux systems).

The verification on which users may access which page is application logic and has to be programmed separate and has nothing to do with the communication between PHP and the database.

If you need any further information please let me know.