我在WordPress主题.php模板文件中有以下代码:
$star->id = $user_ID ;
$curent_user = get_current_user_id();
$con=mysqli_connect("localhost","username","password","dbname");
$sql = mysqli_query($con,"SELECT * FROM `Fr_star` WHERE `user_id` = ".$curent_user." AND `rate_id` = ".$user_ID."");
问题是它以纯文本形式存储用户名,密码,数据库名称,我认为这不够安全。
问题是如何将这一行重写到插件中以获得与本地主机 wp 数据库的安全连接?会是什么样子?
$con=mysqli_connect("localhost","username","password","dbname");
我尝试用以下行替换它,但它不起作用:
$connection = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
结果,我在需要数据库连接的页面上出现错误:
Warning: mysqli_connect(): (HY000/1130): Host '127.0.0.1' is not allowed to connect to this MySQL server in .../themes/theme-name/single.php...
Warning: mysqli_query() expects parameter 1 to be mysqli, boolean given in .../themes/theme-name/single.php...
问候
==解决方案更新==
用途
$con=mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
B 并允许数据库用户远程连接(启用远程连接(
如果这是一个WordPress插件,你的尝试:
$con=mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
应该工作正常,但您没有描述究竟什么不起作用(您是否收到任何特定错误?我的猜测是,您正在尝试查询与WordPress用于存储其数据的数据库不同的数据库。如果您希望将敏感数据排除在插件代码之外,则应将其添加到WordPress配置文件中,即/wp-config.php。因此,在 wp-config 的开头添加.php如下所示的内容:
define( 'DB_NAME_STARS', 'database_name_here' );
define( 'DB_USER_STARS', 'username_here' );
define( 'DB_PASSWORD_STARS', 'password_here' );
define( 'DB_HOST_STARS', 'localhost' );
然后在插件代码中使用:
$connection = mysqli_connect(DB_HOST_STARS, DB_USER_STARS, DB_PASSWORD_STARS, DB_NAME_STARS);
希望这有帮助!