I have the following code in a WordPress theme's .php template files:

$star->id = $user_ID ;
$curent_user = get_current_user_id();
$con=mysqli_connect("localhost","username","password","dbname");
$sql = mysqli_query($con,"SELECT * FROM `Fr_star` WHERE `user_id` = ".$curent_user." AND `rate_id` = ".$user_ID."");

The problem is that it stores the username, password and database name in plain text, which I think is not secure enough.

The question is: how can I rewrite this line in the plugin to get a secure connection to a localhost wp database? What would it look like?

$con=mysqli_connect("localhost","username","password","dbname");

I have tried replacing it with the following line but it did not work:

$connection = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

As a result I get errors on the pages where the db connections are needed:

Warning: mysqli_connect(): (HY000/1130): Host '127.0.0.1' is not allowed to connect to this MySQL server in .../themes/theme-name/single.php...

Warning: mysqli_query() expects parameter 1 to be mysqli, boolean given in .../themes/theme-name/single.php...

Regards

==SOLUTION UPDATE==

A use

$con=mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

B and allow database user to connect remotely (enable remote connections)

twelvell

1 Answer

If this is a WordPress plugin, your attempt:

$con=mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

should be working fine, but you're not describing what exactly didn't work (did you get any specific error?). My guess is that you are trying to query a different database than that used by WordPress to store its data. If you prefer to keep the sensitive data out of the plugin code, you should add it to the WordPress configuration file, which is /wp-config.php. So, adding at the beginning of wp-config.php something like:

define( 'DB_NAME_STARS', 'database_name_here' );
define( 'DB_USER_STARS', 'username_here' );
define( 'DB_PASSWORD_STARS', 'password_here' );
define( 'DB_HOST_STARS', 'localhost' );

and then use in your plugin code:

$connection = mysqli_connect(DB_HOST_STARS, DB_USER_STARS, DB_PASSWORD_STARS, DB_NAME_STARS);

Hope this helps!

  • Hi Matteo, it is a theme with a lot of connections made in plain text in the .php template files. When I change the db name or password I have to manually rewrite them all every time. I want to make it fetch the db name, username, pass and host from the values defined in wp-config.php. I have errors like these on the template page: Warning: mysqli_connect(): (HY000/1130): Host '127.0.0.1' is not allowed to connect to this MySQL server in .../themes/theme-name/single.php... Warning: mysqli_query() expects parameter 1 to be mysqli, boolean given in .../themes/theme-name/single.php... – twelvell Mar 27 '17 at 20:50
  • The error message seems to help us: http://stackoverflow.com/questions/1559955/host-xxx-xx-xxx-xxx-is-not-allowed-to-connect-to-this-mysql-server This answer might help – Matteo Canever Mar 27 '17 at 21:04
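
One way to open the connection in a single place and avoid the second warning from the question (a failed connection passed on to mysqli_query()), as an added example that is not part of the original thread. The function names stars_db() and stars_get_rows() are hypothetical, the DB_*_STARS constants are assumed to be defined in wp-config.php as in the answer, and the code is assumed to live in the theme's functions.php.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.
// Assumes DB_HOST_STARS, DB_USER_STARS, DB_PASSWORD_STARS and DB_NAME_STARS
// are defined in wp-config.php, as in the answer.

/** Return one shared mysqli connection per request, or null if connecting failed. */
function stars_db() {
    static $con   = null;
    static $tried = false;
    if ( $tried ) {
        return $con;
    }
    $tried = true;
    mysqli_report( MYSQLI_REPORT_OFF ); // failures are return values, not exceptions
    $link = mysqli_init();
    // @ keeps the warning (which prints the template path) off the page; it is logged instead.
    if ( ! @mysqli_real_connect( $link, DB_HOST_STARS, DB_USER_STARS, DB_PASSWORD_STARS, DB_NAME_STARS ) ) {
        error_log( 'Stars DB connect failed: ' . mysqli_connect_error() ); // e.g. error 1130
        return null;
    }
    mysqli_set_charset( $link, 'utf8mb4' );
    $con = $link;
    return $con;
}

/** Rows of Fr_star for one rater/rated pair; an empty array on any failure. */
function stars_get_rows( $current_user, $rated_user ) {
    $con = stars_db();
    if ( null === $con ) {
        return array(); // never hand a failed connection to a query function
    }
    // Placeholders replace the string concatenation used in the template.
    $stmt = mysqli_prepare( $con, 'SELECT * FROM `Fr_star` WHERE `user_id` = ? AND `rate_id` = ?' );
    if ( false === $stmt ) {
        error_log( 'Stars prepare failed: ' . mysqli_error( $con ) );
        return array();
    }
    $uid = (int) $current_user;
    $rid = (int) $rated_user;
    mysqli_stmt_bind_param( $stmt, 'ii', $uid, $rid );
    $rows = array();
    if ( mysqli_stmt_execute( $stmt ) ) {
        $result = mysqli_stmt_get_result( $stmt ); // requires the mysqlnd driver
        while ( $result && ( $row = mysqli_fetch_assoc( $result ) ) ) {
            $rows[] = $row;
        }
    } else {
        error_log( 'Stars query failed: ' . mysqli_stmt_error( $stmt ) );
    }
    mysqli_stmt_close( $stmt );
    return $rows;
}
```

A template would then call stars_get_rows( get_current_user_id(), $user_ID ) instead of opening its own connection, so a credential change touches only wp-config.php.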