我正在尝试与我的phpdatabase建立安全连接
我写了以下代码:
<?php
// form filled?
if (isset($_POST['submit'])) {
$user = 'gebruiker';
$pass = 'gebruiker';
$db = new mysqli('localhost', $user, $pass, 'forum');
if (mysqli_connect_errno()) {
echo 'database doesnt work';
file_put_contents('MySQLiErrors.txt', date('[Y-m-d H:i:s]') . mysqli_connect_error() . "\r\n", FILE_APPEND);
exit();
} else {
$username = $_POST['username'];
$userspassword = $_POST['password'];
$salt = strrev($userspassword.substr(0,4));
$password = hash('sha512',$userspassword.$salt);
$statement = $db->prepare("SELECT id,username FROM user WHERE username = ? AND password = ?");
$statement->bind_param("ss", $username, $password);
$statement->execute();
$result = $statement->get_result();
$statement->close();
$count = $result->num_rows;
if ($count …这是我通常使用 SSL 连接到 MySQL 数据库的方式:
$db = mysqli_init();
mysqli_ssl_set(
$db,
NULL,
NULL,
'/etc/ssl/my-certs/ssl-ca.crt.pem',
NULL,
NULL
);
mysqli_real_connect(
$db,
'db.example.com',
'john',
'123456',
NULL,
NULL,
NULL,
MYSQLI_CLIENT_SSL
);
据我了解,该标志是使用 SSL 连接到服务器MYSQLI_CLIENT_SSL所必需的。mysqli::real_connect
今天我偶然发现了 的文档mysqli::options,并注意到它接受MYSQLI_OPT_SSL_VERIFY_SERVER_CERT作为一个选项,但是,唉,它的描述是空白的。所以,我想知道:
mysqli_options($db, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);?MYSQLI_CLIENT_SSL标志?