[wp-hackers] Security Vulnerability found - Forum Post

[Amit Gupta]

"Robert Deaton" <false.hopes at gmail.com> wrote
> Unfortunately, I don't think that'd work at all really. In this case, mySQL isn't on a persistant
> connection, and even if it was, you would still have to have the user/pass to access the resource
> (iirc, don't hold me to this). At any rate, this would provide no benefit

Its not about using persistant connections. WP doesn't open a persistant connection. But what I'm saying is that you can access a global object without creating it everytime. I also use ezSQL, the same class that WP uses for db. You create an object of that class & pass connection info to it & it opens a connection. Now to try this out, create a page that defines this db object as global, lets say $mydb & make it an object of the ezSQL class & connect to db. Now in another page, just access the global object $mydb & do some db stuff. You can do that, while you defined $mydb in another page which doesn't have any link with this 2nd page.

That's what I'm saying to do, that if the db object exists, then there's no need to reload the wp-config as it contains just the db info & we don't need it if a db object already exists for us to use.

-----
Amit Gupta

|| Canned!! -- my Atropine || iG:Syntax Hiliter v2.01 ||
|| iGEEK.INFO || Free Nokia Ringtones || Online Gaming @ Games Planet || 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://comox.textdrive.com/pipermail/wp-hackers/attachments/20050415/5191275a/attachment.html