我想要一些关于你们认为使用PHP连接到MySQL数据库的最安全方式的输入.目前我正在这样做的方式是一个实用程序PHP文件,我包含在我所有其他PHP文件的顶部.实用程序PHP文件是这样的:
<?php
if(!defined('IN_PHP')){
die("hackerssss");
}
$mysql_host = "localhost";
$mysql_user = "root";
$mysql_pass = "root";
$mysql_db = cokertrading;
?>
有什么建议?
我的WHILE Loop有什么问题吗?
<?php
include('header.php');
$manage = "current_page_item";
include('nav.php');
include('sidebar.php');
?>
<div class="primary">
<br/>
<?php
$userId = $_GET['id'];
echo "<div class=\"item_list\">";
$sql = "SELECT * FROM user WHERE id = " . intval($userId);
$result = mysql_query($sql);
while($item = mysql_fetch_array($result, MYSQL_ASSOC))
{
echo "<b>Title: </b>" . $item['item'] . "<br/><b>Email: </b>" . $item['email'] . "<br/>";
echo "<b>Price: </b>" . $item['price'] . "</b><br/><b>Category: </b>" . $item['category'] . "</b><br/> <b>Extra: </b>" . ($item['extra'] ."</b><br/><b>Date Listed: </b>". $item['date'];
}
echo "</div>";
?>
</div>
<?php include('footer.php'); ?>