I have the following (Working fine) script which I use for my database connection for a multiuser webapp. I use a different database for the login, this script is called only after the user is successfully logged in. The login uses PDO.

I would like to know what I can do to

 - make this more secure

 - harder to fail




   

        include('.dbinc.cred.inc.php');
    
        try {
        $dbh = new PDO('mysql:host=' . HOST_ONE . ';dbname=' . DB_ONE . '', USER_ONE, PASS_ONE);
    
        $statement = $dbh->prepare("SELECT user_db, user_db_pass, user_db_user, user_name FROM databases WHERE user_name = :name");
        $statement->execute(array('name' => $_SESSION['user_name']));
    
        foreach ($statement as $row) {
           $user_db = $row['user_db'];
           $user_db_user = $row['user_db_user'];
           $user_db_pass = $row['user_db_pass'];
        }
    
        }
          catch (PDOException $e) {
        print "Error!: " . $e->getMessage() . "<br/>";
        die();
        }
        $dbh = null;
    
        $sql = new mysqli (HOST_ONE,$user_db_user, $user_db_pass,$user_db);
        $sql -> set_charset ( 'utf8' );
        if ($sql->connect_errno)
        {echo "<script language=JavaScript>location.href='#ajax/account_setup.php';</script> ";}


Is it better to do this in 2 files, one for the user check, then define HOST_TWO and so on and include the first file in the second?

Why am I using PDO and then mysqli?

I do this (weird) thing because the whole app uses mysqli_ at the moment and I'm rewriting everything to PDO atm. But actually I need the mysqli connection, though.

Thank you very much for reading and your help!