wesmith4 Posted August 13, 2014 Share Posted August 13, 2014 I have a MySQL database on www.StylesOfLearning.net that is working well. But a single column in one table of the database is being edited by a non-user. Can anyone suggest how I can make the database secure. It is being hosted on godaddy. Wes Link to comment Share on other sites More sharing options...
Larry Posted August 14, 2014 Share Posted August 14, 2014 Could you provide more details about how you know it's being edited by a non-user? Is it impossible for a security hole in your code to be the source of the problem? Link to comment Share on other sites More sharing options...
wesmith4 Posted August 14, 2014 Author Share Posted August 14, 2014 Thanks Larry. MySQL has multiple tables. One table has a column named "GradeEarned". Whoever is doing this is deleting nearly all the data in the column named "GradeEarned". Here is the connection script that is stored in the "includes" folder of the webroot. it is named mysqli_connect.php. I have replaced the password in this script with '???????????????". ===================== <?php # Script: mysqli_connect.php // This file contains the database access information. // This file also establishes a connection to MySQL // and selects the database. // Set the database access information as constants: DEFINE ('DB_USER', '???????????????'); DEFINE ('DB_PASSWORD', '???????????????'); DEFINE ('DB_HOST', '???????????????'); DEFINE ('DB_NAME', '???????????????'); // Make the connection: $dbc = @mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); // If no connection could be made, trigger an error: if (!$dbc) { trigger_error ('Could not connect to MySQL: ' . mysqli_connect_error() ); } else { // Otherwise, set the encoding: mysqli_set_charset($dbc, 'utf8'); } ============================== I have not been able to store this connection script outside of the Web documents directory as you suggest in your MySQL and PHP for Dynamic Websites. GoDaddy says they can not grant me acess to such a location. I have removed all user accounts for this site except for my user account. I am not sure that anything can be done? Thank you for considering my issue. Wes smith Link to comment Share on other sites More sharing options...
Antonio Conte Posted August 15, 2014 Share Posted August 15, 2014 Change you mysql credentials as fast as possible. You shared all details publicly on this forum, so they are no longer safe to use. This is a much bigger problem than a user changing a few columns! Other than that, I'll bet the issue is not related to your connection, but instead has to do with one or more of your queries. You're most likely not effectively cleaning user input somewhere so a user can change your query in some way. We need to see some of those queries. Link to comment Share on other sites More sharing options...
Recommended Posts