Discussion on database connection incidents. senior experts are invited. URGENT!

Discussion on database connection incidents. senior experts are invited. URGENT! A SAAS-based ERP system is developed. Currently, a database is created for each enterprise, but a PHP script is used. For example, my SAAS customers have 50 enterprises, and I have built 50 databases in MYSQL with the same data structure. Then there is a set of PHP scripts, which makes it easier to upgrade and modify one place, which means that 50 sets of systems have been upgraded.
When every enterprise logs on to the first page, I save a SESSION ['DB'] for them. in the php database connection script, the name of the connection database = SESSION ['DB'], so that the enterprise will add, delete, modify, and query data in that database.

Now, a strange event is the occasional occurrence of serial numbers. For example, for enterprise A, when logging on to the first page, set SESSION ['DB'] = 'a', and then check the user name and password in the database named A when logging on to login, next, add, delete, modify, and query all the tables in database. But occasionally, after enterprise A logs on, refresh the data of Enterprise B and refresh the data of enterprise C. I am wondering, in connection, the DB is fixed to A. why is the serial number sent to the data of other databases?

My first analysis, because the scripts are the same, meaning the URLs are the same. Theoretically, the SESSION ['DB'] is different. the page is connected to itself every time it is opened, and there should be no problem. since there is a serial number, I suspect that the cache is caused. Later, I checked on the Internet, as if the 360 browser was reported to upload user privacy, and the chain COOKIE was also uploaded. I was wondering if the 360 browser was caused by this action.

In my first response, I used wildcard domain name resolution to change the URLs of each enterprise to different ones, that is, Enterprise A's website is A.xxx.com and Enterprise B is B .xxx.com, however, the overall framework is the same, and PHP scripts are the same. In this case, even if the COOKIE is uploaded to the cache of another server, the website address is different. it will not always be a serial number, will it? It turns out that I was wrong again. In the afternoon, another customer called to learn how to view data from other companies in his system. I am totally crazy.

In my second analysis, I suspected that it was caused by mysql_pconnect () connection? I am thinking that Enterprise A has established A persistent database connection. Enterprise B login is mysql_pconnect (). will APACHE directly use the connection established by Enterprise A for Enterprise B? So I immediately changed pconnect to connect at night. But I am still worried. I feel that the problem is not that simple. this data string number is too serious for a commercial software. I spent too much effort on it, maybe it would be a loss.

Again, I beg the experts to help me analyze how this strange phenomenon occurs? I have been skeptical about the reason for cache for many times. even if the page is displayed as a cache page, they should not be able to modify each other. so I still feel the problem still occurs on the database connection?

My QQ account is 13676987, Hangzhou. I look forward to communicating with experts!

Reply to discussion (solution)

1. is SESSION ['DB'] $ _ SESSION ['DB?
2. why should I write dbname in the session?
Why does not a site use a config file to record different information? for example, each site has a config. php,
Define ('dbname', 'db1 ');
3. is your session saved in db?

50 enterprises share a set of PHP scripts, which means that there is only one config. php and 50 enterprises use it together. Therefore, it cannot be set separately. However, you have provided me with an inspiration. I can get config1.php config2.php config3... so that 50 will not be a problem?

It is also a pretty good solution, although a bit silly. Haha

If so, 50 virtual hosts should be different.
Using apache's Env module, see my previous article: http://blog.csdn.net/fdipzone/article/details/9388959

In virtual host, add

 
    SetEnv DBNAME DB1
  

Different virtual host values are set differently.

Then, set the dbname in config.
For example, change $ dbname = 'db1' to $ dbname = $ _ SERVER ['dbname'].

Tips: data stored using Env can only be read from the web, but cannot be read in php cli mode. please use it as needed.

Persistent database connections are reused to database servers, but are not reused to database connections.

SlaveHow can we see data from other companies in his system?Start:
From the "first response, I use wildcard domain name resolution", we can see that your user identity authentication is independent. Currently, SSO is very popular. you are also using it.
Since several companies can use the same set of software without modifying (including the interface), we can see that these companies are engaged in the same industry. Therefore, it cannot be ruled out that Company A knows the logon password of Company B.
Use A multi-tab browser to log on to Company A on the tab, and then log on to Company B on the B tab. Return to the tab to View Company B's data.
Because multiple tabs share A cookie, the sessionid set by A is modified by B.
In fact, unconditionally trust incoming data, which is the basis for CSRF attacks.

When the second-level domain name is used, cookies are not shared because the domain name is different. However, if you still use single-point logon, the situation will not change due to the Trust Domain.

At present, too many people do not trust the capabilities of the database, and like to get something like data caching (for fear that the database is exhausted, pity is commendable)
Data Caching is usually distinguished by query names. in your system, database names are used to differentiate data affiliation, which is normal if obfuscated.

Persistent database connections are reused to database servers, but are not reused to database connections.

SlaveHow can we see data from other companies in his system?Start:
From the "first response, I use wildcard domain name resolution", we can see that your user identity authentication is independent. Currently, SSO is very popular. you are also using it.
Since several companies can use the same set of software without modifying (including the interface), we can see that these companies are engaged in the same industry. Therefore, it cannot be ruled out that Company A knows the logon password of Company B.
Use A multi-tab browser to log on to Company A on the tab, and then log on to Company B on the B tab. Return to the tab to View Company B's data.
Because multiple tabs share A cookie, the sessionid set by A is modified by B.
In fact, unconditionally trust incoming data, which is the basis for CSRF attacks.

When the second-level domain name is used, cookies are not shared because the domain name is different. However, if you still use single-point logon, the situation will not change due to the Trust Domain.

At present, too many people do not trust the capabilities of the database, and like to get something like data caching (for fear that the database is exhausted, pity is commendable)
Data Caching is usually distinguished by query names. in your system, database names are used to differentiate data affiliation, which is normal if obfuscated.

Which means the problem is in the cache? If you connect to the database every time, is there no such problem?

If the cache is not used, a possible problem is removed.
If you trust not only $ _ SESSION ['DB'], but at least one method to determine the user source, you can remove one possible aspect of the problem.
When you eliminate all known problems, the problem has not been resolved.
That is, there are unknown potential problems. this is the issue to be discussed.

He also hopes that you will list the possible problems you know so that you can troubleshoot them.
As for how to solve the problem, that's the end. The problem is not found, and any solution is futile.

Which means the problem is in the cache? If you connect to the database every time, is there no such problem?

Persistent database connections are reused to database servers, but are not reused to database connections.

I am still skeptical about persistent connections. You are right. "a persistent connection will reuse the connection to the database server", provided that the user name and password for the connection are the same, the user names of all enterprises connecting to the server are the same, but the SESSION ['DB'] is used to differentiate the database connections. In this case, is there a certain probability that the database links are also reused? Especially when SESSION ['DB'] is cleared for some unknown reason?

Since several companies can use the same set of software without modifying (including the interface), we can see that these companies are engaged in the same industry. Therefore, it cannot be ruled out that Company A knows the logon password of Company B.

This 100% rule can be ruled out.

If it is caused by the database cache, it is the same as what I analyzed in the first post. data of other enterprises should not be modified. Because the cache only reads data, it is impossible for SELECT statements to take effect even with update delete statements. Right?

Thank you for your enthusiastic help. I will try again for troubleshooting. I feel I have learned a lot.

Tips: data stored using Env can only be read from the web, but cannot be read in php cli mode. please use it as needed.

I didn't use 50 VIRTUAL hosts, just one, just using wildcard domain name resolution. Point all second-level domain names to a virtual host.

Is there a certain probability that database links are also reused?
No possibility exists

Especially when SESSION ['DB'] is cleared for some unknown reason?
If SESSION ['DB'] is cleared, it is equivalent to executing mysql_select_db (''). This is an error (No database selected)

Cache refers to the project cache function.
It is generally used to cache query results and does not read databases when frequently accessed.

If a second-level domain name is used, the second-level domain name should be bound to the database name

Mark
If I did this, I would create a separate table for the customer, and add a customer ID field to each data table and index to make it easy to add customers to the background, which facilitates management ~
When the where xxx filter variable is input at the Model layer of the foreground, add customer ID = xxx ~ However, we are not sure about the disadvantages of this approach.

Tips: data stored using Env can only be read from the web, but cannot be read in php cli mode. please use it as needed.

I didn't use 50 VIRTUAL hosts, just one, just using wildcard domain name resolution. Point all second-level domain names to a virtual host.

? Strange, no? Not much information is provided. ?? Analysis, boss? Analysis ratio? Comprehensive.

Are you the root? Domain name, that is, $ _ SERVER ['host'] judgment? What ????? Connected ??

Can you provide the generation of that part ?? Test?

My current practice is to use one ?? Domain name, program root? Different domain names ?? Different configurations ?.
Company a's http://a.xx.com
Company B http:// B .xx.com

?? Not Cross-Origin. how many are there currently? Enterprises? Of ?? Outbound? String ?? ??, Keep table? ?? Yes, you can borrow it? Look.

My current practice is to use one ?? Domain name, program root? Different domain names ?? Different configurations ?.
Company a's http://a.xx.com
Company B http:// B .xx.com

?? Not Cross-Origin. how many are there currently? Enterprises? Of ?? Outbound? String ?? ??, Keep table? ?? Yes, you can borrow it? Look.

This is a good practice. If you know it earlier, use your method. Haha

The xuzuning moderator is very powerful.
I closed the post first. The current practice is to set an exception judgment in a few places. if it appears again, please come back and ask!