Jump to content
Larry Ullman's Book Forums

Recommended Posts

I have a MySQL database on www.StylesOfLearning.net that is working well.

But a single column in one table of the database is being edited by a non-user.

Can anyone suggest how I can make the database secure.

It is being hosted on godaddy.




Link to comment
Share on other sites

Thanks Larry.

MySQL has multiple tables.  One table has a column named "GradeEarned".  Whoever is doing this is deleting nearly all the data in the column named "GradeEarned".


Here is the connection script that is stored in the "includes" folder of the webroot. it is named mysqli_connect.php.  I have replaced the password in this script with '???????????????".


<?php # Script: mysqli_connect.php
// This file contains the database access information. 
// This file also establishes a connection to MySQL 
// and selects the database.
// Set the database access information as constants:
DEFINE ('DB_USER', '???????????????');
DEFINE ('DB_PASSWORD', '???????????????');  
DEFINE ('DB_HOST', '???????????????');
DEFINE ('DB_NAME', '???????????????');
// Make the connection:
$dbc = @mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// If no connection could be made, trigger an error:
if (!$dbc) {
trigger_error ('Could not connect to MySQL: ' . mysqli_connect_error() );
} else { // Otherwise, set the encoding:
mysqli_set_charset($dbc, 'utf8');



I have not been able to store this connection script outside of the Web documents directory as you suggest in your MySQL and PHP for Dynamic Websites.  GoDaddy says they can not grant me acess to such a location.


I have removed all user accounts for this site except for my user account.


I am not sure that anything can be done?


Thank you for considering my issue.


Wes smith

Link to comment
Share on other sites

Change you mysql credentials as fast as possible. You shared all details publicly on this forum, so they are no longer safe to use. This is a much bigger problem than a user changing a few columns!


Other than that, I'll bet the issue is not related to your connection, but instead has to do with one or more of your queries. You're most likely not effectively cleaning user input somewhere so a user can change your query in some way. We need to see some of those queries.

Link to comment
Share on other sites


  • Create New...