Note Submitter: tim
----
Hey, I am building a website for a pretty big company and
they are really worried about security issues with DB
connections. They have a lot of sensitive data, and it is
really important that it is secure.
Right now they're using a class to do all of their queries
(self-made), using MySQL connections. They're running on a
PHP 4.1 server (so MySQLi can't be used). What they're
doing is creating a connection to the DB, doing a single
query, then closing the DB connection. So for example:
<?php
$DB = new MYSQLCLASSNAME(); // THIS DOES NOT OPEN A CONNECTION, JUST INSTANTIATES THE CLASS
$selQ = "SELECT * FROM SOMEWHERE";
$DB->connect(); // This creates the connection
($DB->query($selQ)) || die("didn't work");
$DB->close(); // Close the connection
$updateQ = "UPDATE SOMEWHERE SET something='something' LIMIT 1";
$DB->connect(); // Create connection
($DB->query($updateQ)) || die("didn't work");
$DB->close(); // Close connection
$DB->connect(); // Create connection
for ($i = 1; $i < 10; $i++) {
    $delQ = "DELETE FROM SOMEWHERE WHERE id=$i LIMIT 1";
    $DB->query($delQ);
}
$DB->close(); // Close connection
echo "everything worked";
?>
They are constantly doing this. Just opening the DB just for
a single query, then closing it right away. If there is a
loop, they open the db connection before the loop, then
close it right when the loop completes.
I was wondering, is that a bad idea? Would this be too much
stress on the server?
P.S.
They are very adamant on using their class so that later on
if they decide to migrate from MySQL to another DB then
the transition would be simple because all they would have to
do is edit that one class.
--
PHP Notes Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php