This question already has an answer here:
- How can I prevent SQL injection in PHP? 28 answers
I use the following PHP code to connect to MySQL.
$link = mysql_connect('127.0.0.1', 'root', '123456') or die("wrong user pass mysql");
mysql_select_db('database', $link);
This code is placed in a connection file called connection.php which is included in all PHP scripts that require access to database.
If a hacker gets the URL of connect.php (http://www.example.com/connection.php), is it possible to hack my database? How can I ensure that the PHP connection code does not help the hacker? Or which is the best secure way of connecting to the database?
</div>
