Reputation: 532
I created an image in a PHP file and wrote some text over it. I do not use any user input, but I do access my database. Normally Joomla files start with
defined( '_JEXEC' ) or die( 'Restricted access' );
but I want to link to this image or even use it as an image on forums; therefore, I can't use this line. In this example, would my website still be safe?
Everything is enclosed by
try {
    $pdo = new PDO("mysql:host=$hostname;dbname=$database", $username, $password);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $stmt = $pdo->prepare("SELECT * FROM newData");
    $stmt->execute();
    $result = $stmt->fetchAll(PDO::FETCH_NUM);
    // grab the template image (path assumed: base.png next to this script)
    $img = imagecreatefrompng('base.png');
    $color = imagecolorallocate($img, 0, 0, 0);
    $y = 10;
    foreach ($result as $row) {
        // make a string from the row's columns and write it on top of the image
        imagestring($img, 3, 10, $y, implode(' ', $row), $color);
        $y += 15;
    }
    // show image
    header('Content-Type: image/png');
    imagepng($img);
    imagedestroy($img);
} catch (PDOException $e) {
    // note: a relative path writes this file next to the script, i.e. inside the web root
    file_put_contents('PDOErrors.txt', $e->getMessage(), FILE_APPEND);
}
Or what's a safer/better way to achieve the same result?
Upvotes: 0
Views: 554
Reputation: 8282
Why not use the Joomla standard when you are using external files/scripts?
The above method is not good for security or MySQL query standards (you have to set the DB details in multiple places, which is a bad idea).
My suggestion is to use the Joomla framework inside your external scripts.
define('_JEXEC', 1);
define('JPATH_BASE', dirname(__FILE__)); // this is when we are in the root; otherwise the path to the Joomla installation
define('DS', DIRECTORY_SEPARATOR);
require_once JPATH_BASE . DS . 'includes' . DS . 'defines.php';
require_once JPATH_BASE . DS . 'includes' . DS . 'framework.php';
$mainframe = JFactory::getApplication('site'); // plain assignment; the old =& reference is not needed in PHP 5
$mainframe->initialise();
$db = JFactory::getDBO();
$sql = "your query";
$db->setQuery($sql);
// loadAssocList() runs the query itself, so a separate $db->query() call is not needed
$result = $db->loadAssocList(); // for multiple rows; for a single row use loadAssoc()
Hope it helps.
Upvotes: 3
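The answer's bootstrap carried through to a complete image script, as an added example that is not part of the question or the answer. It assumes the Joomla 2.5-era API the answer uses (JFactory::getApplication, JFactory::getDbo, JLog), that the file lives in the Joomla root, that a template image base.png sits next to it, and that the table is the question's newData; the function name buildImage and the log category are my own. The security points it makes concrete are the ones raised above: no second copy of the DB credentials, and no PDOErrors.txt written into the web root (JLog's default file logger writes a .php file that opens with a die() guard, so the log is not readable over the web), with the client getting a generic 500 instead of the database error text.

```php
<?php
// Added example, not the code from the question or the answer.
// Assumptions: Joomla 2.5-era API, script in the Joomla root, base.png alongside it.
define('_JEXEC', 1);
define('JPATH_BASE', dirname(__FILE__));
define('DS', DIRECTORY_SEPARATOR);

require_once JPATH_BASE . DS . 'includes' . DS . 'defines.php';
require_once JPATH_BASE . DS . 'includes' . DS . 'framework.php';

// Bootstrapping the site application gives us JFactory::getDbo() configured
// from configuration.php, so this script holds no credentials of its own.
$app = JFactory::getApplication('site');
$app->initialise();

/**
 * Draw each row as one line of text on top of the template image and
 * return the GD image resource. Nothing here comes from the request.
 * (hypothetical helper, named for this example)
 */
function buildImage(array $rows, $templatePath)
{
    $img = imagecreatefrompng($templatePath);
    if ($img === false) {
        throw new RuntimeException('cannot load template image');
    }
    $black = imagecolorallocate($img, 0, 0, 0);
    $y = 10;
    foreach ($rows as $row) {
        // imagestring() renders bytes as glyphs; DB content can only change
        // what is painted, not what the server executes
        imagestring($img, 3, 10, $y, implode(' | ', $row), $black);
        $y += 15;
    }
    return $img;
}

try {
    $db = JFactory::getDbo();
    // The table name is a constant in this script, not user input; quoteName()
    // still backtick-quotes it so it is passed as an identifier.
    $db->setQuery('SELECT * FROM ' . $db->quoteName('newData'));
    $rows = $db->loadAssocList();
    if ($rows === null) {
        // In 2.5 a failed query returns null unless debug mode throws
        throw new RuntimeException('query failed: ' . $db->getErrorMsg());
    }

    $img = buildImage($rows, JPATH_BASE . DS . 'base.png');

    // The whole point of dropping the _JEXEC guard is hot-linking from forums,
    // so send the right content type and let intermediaries cache for a while.
    header('Content-Type: image/png');
    header('Cache-Control: public, max-age=300');
    imagepng($img);
    imagedestroy($img);
} catch (Exception $e) {
    // Log via Joomla instead of a world-readable text file next to the script,
    // and never echo the database error to the client.
    JLog::add($e->getMessage(), JLog::ERROR, 'imagescript');
    header('HTTP/1.1 500 Internal Server Error');
    exit;
}
```

Without user input there is no injection surface in the query itself; the things worth checking in a script like this are where the credentials live, where errors are written, and what the client sees when something fails.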