Connecting to database securely and using table info

  • kellypayne171

    (@kellypayne171-1)


    12 years ago

    Hi there hopefully someone can help, I have looked on the forums and I cannot find the answer to my question, or if I have, I am totally missing the point!

    I have a postcode checker on my website, when a person enters a postcode into a form field and presses the submit button it goes to another page with the answer.

    I have the code working correctly my only concern is the security of the database as I am unsure of how to access the database from the page (not a blog) securly.

    I am using the insert php plugin and I just cannot work out how to remove the

    $con=mysqli_connect(“localhost”,”xxxxxx”,”password”,”xxxxx”);

    so that I can connect to the database securely. I am also aware that I am connected to the database already but just need to be able to access it.
    Hopefully this isn’t a totally stupid question and I’m not missing the point entirely but can I not

    $con=connect to the wordpress database;

    So that I can use my already working code?

    I am also aware that the insert php plugin will not use anything but actual php code – is there a better plugin to use?

    I would be so grateful for any help. 

    [insert_php] $con=mysqli_connect("localhost","xxxxxx","password","xxxxx");
$test1= $_POST["pcode10"];
$test = preg_replace('/\s+/', '', $test1);
$str = $test; $str = strtoupper($str);
 $result = mysqli_query($con, "SELECT * FROM test2 WHERE postcode1= '$str' ");
while($row = mysqli_fetch_array($result)) { $row2 = $row['postcode1']; $row13 = $row['postcode2']; $row9 = $row['map']; }
$result2 = mysqli_query($con, "SELECT * FROM test WHERE post1= '$str' ");
while($row4 = mysqli_fetch_array($result2)) { $row3 = $row4['post1']; }
if ($row2 == $str)
{ echo '<span style="font-size: small;">Sorry you are <strong>NOT eligible </strong>for us to dispense your prescriptions</span>.';
echo '<br />';'<br />';'<br />'; echo '<br />';'<br />';'<br />';
echo '<span style="font-size: small;">Your nearest pharmacy is </span> ';
echo '<span style="font-size: small;"> ';
echo $row13; echo '</span> '; echo '<br />';'<br />';'<br />';
 echo '<br />';'<br />';'<br />'; echo '<br />';'<br />';'<br />'; echo '<br />';'<br />';'<br />'; echo $row9; echo '<br />';'<br />';'<br />'; echo '<br />';'<br />';'<br />';
 echo '<br />';'<br />';'<br />'; echo '<br />';'<br />';'<br />';
echo '<span style="font-size: small;">Please <a href="http://www.elmgroupsurgeries.com/prescriptions/collecting-your-medication/">click here</a> to return to the Collecting your medication page</span> '; }
elseif ($row3 == $str)
{ echo '<span style="font-size: small;">You <strong>ARE </strong><b>eligible</b> for us to dispense your prescriptions</span>';
echo '<br />';'<br />';'<br />';
 echo '<br />';'<br />';'<br />';
echo '<br />';'<br />';'<br />';
echo '<br />';'<br />';'<br />';
echo' <span style="font-size: small;">Please <a href="http://www.elmgroupsurgeries.com/prescriptions/collecting-your-medication/">click here</a> to return to the Collecting your medication page.</span> '; }
else { echo '<span style="font-size: small;"> Sorry you are <strong>NOT Eligible </strong>for us to dispense your prescriptions, your postcode is not within our boundary.</span>';
echo '<br />';'<br />';'<br />'; echo '<br />';'<br />';'<br />'; echo '<br />';'<br />';'<br />'; echo '<br />';'<br />';'<br />';
echo '<span style="font-size: small;">Please <a href="http://www.elmgroupsurgeries.com/prescriptions/collecting-your-medication/">click here</a> to return to the Collecting your medication page. </span>';

The topic ‘Connecting to database securely and using table info’ is closed to new replies.