How to remove IF statement from DB connection file?

Question

How to remove IF condition from this code ?

For some weird reason this code only works when correct database credentials are inside ELSE statement. If I have correct database credentials in IF statement connection wont work. What is going on ? :)

<?php

/* database connection */

if ($_SERVER['REMOTE_ADDR'] == '127.0.0.1') {
define('DBUSER', 'User1');
define('DBPASS', 'password2');
define('DBHOST', 'localhost');
define('DBNAME', 'selector');
} else {
define('DBUSER', 'User2');
define('DBPASS', 'password1');
define('DBHOST', 'localhost');
define('DBNAME', 'Database');
}
define('DB', 'mysql:host=' . DBHOST . ';dbname=' . DBNAME);

Are you connecting to localhost? What is the value of `$_SERVER['REMOTE_ADDR']`? Basic debugging. — Jonnix, Sep 01 '16 at 10:16
What are you actually trying to achieve here? Is this supposed to be 2 different sets of database credentials (one for the dev **server**, one for live) or is it *really* supposed to use a different MySQL user when the **client** connects locally? — CD001, Sep 01 '16 at 10:34
@PaavoDoe From the hover over `This question does not show any research effort; it is unclear or not useful`. Please answer the questions. — Jonnix, Sep 01 '16 at 10:35
@JonStirling relax brother, Beginners are not just new to language and technology they are also new at stackoverflow too. They will learn eventually. We all do. — Talha Malik, Sep 01 '16 at 10:37
@TalhaMalik Relax? Those aren't my words, they're directly from the SO interface... If you wish to ask SE to relax their language, I'm not the one to tell ;) — Jonnix, Sep 01 '16 at 10:38
Alright, I'm trying to connect database without any conditions. Because I thought it's security risk to keep correct credentials behind ELSE statement — Paavo Doe, Sep 01 '16 at 10:44
Depends where the constants are defined: you're about as safe as you can be if you create something like a `config.php` file and store it **outside the document root** (or if you can't in a folder protected with an .htaccess `Deny from All`). It would be a bigger risk to allow your default MySQL user (used when there are no credentials) to have root level access. — CD001, Sep 01 '16 at 10:46
Ok, thank you. I just keep with these settings. Maybe I someday understant what I was asking in here :) this was application which,I havent made. — Paavo Doe, Sep 01 '16 at 10:50

Ravi Hirani · Answer 1 · 2016-09-01T10:41:02.120

You should use $_SERVER['HTTP_HOST']

Write your code as below:-

$host = ['localhost', '127.0.0.1'];
if(in_array($_SERVER['HTTP_HOST'], $host)){
    $pdo = new PDO('mysql:host=localhost;dbname=your_db', 'username', 'password');
}
else{
    $pdo = new PDO('mysql:host=example.com;dbname=your_db', 'username', 'password');
}

If you want to use constants, then write

if(in_array($_SERVER['HTTP_HOST'], ['localhost', '127.0.0.1'])){
    define('DBUSER', 'User1');
    define('DBPASS', 'password1');
    define('DBHOST', 'localhost');
    define('DBNAME', 'your_db1');
}
else{
    define('DBUSER', 'User2');
    define('DBPASS', 'password2');
    define('DBHOST', 'example.com');
    define('DBNAME', 'your_db2');
}

then write your connection connection object as below

$pdo = new PDO('mysql:host='.DBHOST.'; dbname='.DBNAME, DBUSER, DBPASS);

Why should they? Why will this work when their current one doesn't? — Jonnix, Sep 01 '16 at 10:32

score 0 · Accepted Answer · answered Sep 01 '16 at 10:29

0

This is because you must be getting value ::1 inside $_SERVER['REMOTE_ADDR']. It should work if you change to

if ($_SERVER['REMOTE_ADDR'] == '::1') {
define('DBUSER', 'User1');
define('DBPASS', 'password2');
define('DBHOST', 'localhost');
define('DBNAME', 'selector');
} else {
define('DBUSER', 'User2');
define('DBPASS', 'password1');
define('DBHOST', 'localhost');
define('DBNAME', 'Database');
}

answered Sep 01 '16 at 10:29

Talha Malik

1,509
3
22
44

Also please check this http://stackoverflow.com/questions/10517371/ip-address-of-the-machine-in-php-gives-1-but-why for why you might get ::1 instead of 127.0.0.1 in $_SERVER['REMOTE_ADDR'] – Talha Malik Sep 01 '16 at 10:34

score -1 · Answer 3 · answered Sep 01 '16 at 10:22

-1

In my opinion, that code was created so that the site admins, connecting directly from the server machine, can use a mysql user that can access to a different db (selector) than others users (for example for administrative purposes).

So, check if you have a db named "selector"; if yes, create User1 with password2. If no, simply delete all except:

define('DBUSER', 'User2');
define('DBPASS', 'password1');
define('DBHOST', 'localhost');
define('DBNAME', 'Database');

define('DB', 'mysql:host=' . DBHOST . ';dbname=' . DBNAME);

answered Sep 01 '16 at 10:22

Davide Visentin

735
5
19

More likely the block is there to use different credentials depending on environment. – Jonnix Sep 01 '16 at 10:24
@JonStirling yes, it's what I've said. You can access to a different db, eventually with different privileges. – Davide Visentin Sep 01 '16 at 10:27
I'm not sure you understood what I said. It's certainly not what your answer says. – Jonnix Sep 01 '16 at 10:28
So explain what you mean. I'm not native English speaker, it's possible that I've not understood what you said. – Davide Visentin Sep 01 '16 at 10:30
E.g. development vs production environments. You wouldn't want your development to be connecting to a production database. – Jonnix Sep 01 '16 at 10:32
The check is on the client IP. So we can be both right. The developer/admin/tester/etc. can access the "selector" db when in development environment, accessing from the same machine where the server is (127.0.0.1) or the "Database" db when in production, from another machine. – Davide Visentin Sep 01 '16 at 10:37
Anyhow there can be others reasons to do this: for example, the "selector" db can be a datawarehouse built from data in the other db, or can store statistics on site accesses, etc. – Davide Visentin Sep 01 '16 at 10:40
Now you're just adding more and more speculation. It is a pattern that is used very (too!) often. So while you could be correct, experience suggests to me that env switching is more likely. But it is just imo. – Jonnix Sep 01 '16 at 10:43
Also use another db as datawarehouse is very common. Anyway, in the answer I've written "for example for administrative purposes" not "surely for administrative purposes". I don't understand why that simple example make my answer less valid. – Davide Visentin Sep 01 '16 at 10:53

How to remove IF statement from DB connection file?

3 Answers3