更安全的方式連接到我的數據庫

Question

正如你所看到的，我以一種老式的方式連接到我的數據庫，並一直在尋找修改這套服裝的新標準。每當我切換到另一種連接方式啓動我的用戶，然後輸出我的錯誤，說用戶dosnt存在，所以我猜測它沒有連接？

<?php 
    $connect_error = 'Sorry we have some problems'; 
    mysql_connect('localhost', 'admin', 'adminpassword') or die($connect_error); 
    mysql_select_db('mydatabasename'); 
    ?> 

我試圖用這個作爲一個例子（在我的信息顯然把）

<?php 
    // Create connection 
    $con=mysqli_connect("example.com","peter","abc123","my_db"); 

    // Check connection 
    if (mysqli_connect_errno()) { 
     echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
    } 
    ?> 

但它會殺死我的訪問？

這是我的登錄腳本，我又想更新我的整個註冊和登錄以適應新的標準。

<?php 
include 'core/init.php'; 
logged_in_redirect(); 


if (empty($_POST) === false) { 
    $username = $_POST['username']; 
    $password = $_POST['password']; 

    if (empty($username) === true || empty($password) === true) { 
     $errors[] = 'You need to enter a username and password'; 
    } else if (user_exists($username) === false) { 
     $errors[] = 'This username does not exist'; 
    } else if (user_active($username) === false) { 
     $errors[] = 'Account not adctivated'; 
    } else { 

     if (strlen($password) > 32) { 
      $errors[] = 'Password too long'; 
     } 


     $login = login($username, $password); 
      if ($login === false) { 
       $errors[] = 'That username/password combination is incorrect'; 

      } else { 
       $_SESSION['user_id'] = $login; 
       header('Location: index.php'); 
       exit(); 
      } 
    } 
} 
    else { 
     $errors[] ='No data recieved'; 
} 


include 'includes/overall/header.php'; 

if (empty($errors) === false) { 

?> 

     <h2>We tried to log you in, but...</h2> 

<?php 

    echo output_errors($errors); 
} 

include 'includes/overall/footer.php'; 
?> 

我正在尋求建議，最好的方法來解決這個問題，爲什麼？

**按照要求我登錄功能：**

function logged_in(){ 
    return (isset($_SESSION['user_id'])) ? true : false;  
} 


function user_exists($username) { 
    $username = sanitize($username); 
    $query = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username'"); 
    return (mysql_result($query, 0) == 1) ? true : false; 
} 

function email_exists($email) { 
    $email = sanitize($email); 
    $query = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email'"); 
    return (mysql_result($query, 0) == 1) ? true : false; 
} 




function user_active($username) { 
    $username = sanitize($username); 
    $query = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `active` = 1"); 
    return (mysql_result($query, 0) == 1) ? true : false; 
} 




function user_id_from_username($username) { 
    $username = sanitize($username); 
    return mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '$username'"), 0, 'user_id'); 
} 




function login($username, $password) { 
    $user_id = user_id_from_username($username); 

    $username = sanitize($username); 
    $password = md5($password); 

    return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password' "), 0) == 1) ? $user_id : false; 
} 

我想重整我的整個網站以確保它是安全的，因爲它確實讓我擔心。

Answer 1

嘗試連接這樣

$con=mysqli_connect("localhost","peter","abc123","my_db"); 

我假設你的MySQL服務器是在同一臺計算機在網站上。

我還假設你已經改變了你的數據庫查詢代碼，以使用mysqli_擴展名，而不是保留舊的mysql_函數不變。

啊我看到您的登錄代碼現在

這也需要修改使用mysqli_query（）等

這不是一個簡單的過程，不能僅通過改變連接機制來實現。

嘗試這樣的事情在你登錄校驗

$result = $mysqli->query("SELECT COUNT(`user_id`) as `kount` 
         FROM `users` 
         WHERE `username` = '$username' 
          AND `password` = '$password'"); 

$count = $result->fetch_object()->kount; 
$result->free(); 
$mysqli->close(); 
echo "there are {$count} rows in the table";