mysql tunnelling over ssh

There is a database that is only accessible from a remote server. In order to connect to the database, you have to ssh into the remote server and then connect to the database. MySQL tunnelling over ssh allows you to make the connection to the database on your local machine. You still go through the remote server first but it is hidden in the background. This command connects you to the remote server, hides it in the background, opens up the port 3307, when there are requests to localhost port 3307, they will be redirected to myremotedatabase.com:3306.

ssh -fNg -L 3307:myremotedatabase.com:3306 username@myremoteserver.com

Now you can connect to the remote database from your local machine.

mysql -h 127.0.0.1 -P 3307 -u username -p

Connect in php.

<?php
mysqli_connect("127.0.0.1:3307","username","pass","db_name");
echo mysqli_connect_errno() ?  "Failed!\n" : "Success!\n";
?>

3307 is the local port
myremotedatabase.com is the domain of the remote database, or it could be an ip address
3306 is the port number of the remote database
username is the username that you use to connect to your remote server
127.0.0.1 is localhost of your local machine

-f Requests ssh to go to background just before command execution. This is useful if ssh is going to ask for passwords or passphrases, but the user wants it in the background. This
implies -n. The recommended way to start X11 programs at a remote site is with something like ssh -f host xterm.

-N Do not execute a remote command. This is useful for just forwarding ports (protocol version 2 only).
-g Allows remote hosts to connect to local forwarded ports.
-L [bind_address:]port:host:hostport
Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine. Port forwardings can also be specified in the configuration file. IPv6 addresses can be specified by enclosing the address in square brack-ets. Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of “localhost” indicates that the listening port be bound for local use only, while an empty address or `*’ indicates that the port should be available from all interfaces.