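<?php
// Note: the mysql_* extension used here was removed in PHP 7.0 (mysqli or PDO replace it).
// The username and password are hard-coded in the script, which is what the question is about.
$con = mysql_connect("localhost", "peter", "abc123");
if (!$con) {
    die('Could not connect: ' . mysql_error());
}
// Create the database and report success.
if (mysql_query("CREATE DATABASE my_db", $con)) {
    echo "Database created";
}
mysql_close($con);
?>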
If I write down the password and username for connecting to the database in a PHP file, people can download my PHP file and find my username and password to my server. So this is not a safe way to connect to the database, is it?
What is the proper way to connect then (without letting people know my password and username)?
Thanks for your help.
Last edited by Benjamin on Mon Jun 29, 2009 11:21 pm, edited 1 time in total.
Reason: Changed code type from text to php.
I think it's just paranoia without actually understanding what's really going on, but many people advocate storing information like that in a file outside the web root (as in it's not contained in any file available through your website). For example, if your site is located at /home/data2009/public then you could put a config file at /home/data2009/private/config.php; this would have the usernames and passwords and such (perhaps as constants).
Or if you are crazy about security you may block any kind of attempt from the web using a .htaccess file. I saw "smart" people making nice ini files and forgetting to do that.
And remember nothing is 100% secure; for example, someone may hack your host and in that moment you may say: "Houston, we have a problem".
Do not worry, if you don't create any Apache problems nobody will see the source of your PHP files.
The reason I said it is proper to deny access to the file using .htaccess is that it happened to me once: the hosting made some upgrades and everything was available to everyone. The other solution is to put your config file outside the www folder.
I just know something about PHP programming. Can you explain to me how .htaccess works? What do I need to do?
Regarding the config file. What config file? Will the site still run if I move it to another directory? No other modifications are required?
Usually you store these kinds of parameters in a dedicated file called config.php, because if you want to change something you don't want to browse the whole project to make the update.
Let's say, for example, you make a file called config.inc.php; the .htaccess file should look like this:
Can you explain the code between the brackets? First allow, then deny, and deny from all?!
Do I need to specify all PHP files in the config.php file, whether they are allowed?
The code applies only to the specified file; you create a file '.htaccess' and put the code inside. The code blocks web access to the file, but allows accessing it internally in your scripts.
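A rule of the kind this last reply describes, as an added example rather than the poster's own code (which is not preserved on the page). It is written for a `.htaccess` file, shows both the older `Order`/`Deny` syntax the thread asks about and the `Require` syntax of Apache 2.4, and the `.ini` pattern is an assumption based on the ini files mentioned earlier in the thread.

```apache
# .htaccess, placed in the same directory as config.inc.php.
# The file name comes from the thread; everything else is an added illustration.
#
# A <Files> section applies its directives only to requests for a matching
# file name, so the other scripts in the directory are served as before.
<Files "config.inc.php">
    # Apache 2.4 and later: authorization is handled by mod_authz_core.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>

    # Apache 2.2 and earlier.
    # "Order allow,deny": Allow rules are evaluated first, then Deny rules.
    # A request that matches no Allow rule, or matches any Deny rule, is refused.
    # There is no Allow line here and "Deny from all" matches every client,
    # so every HTTP request for the file is answered with 403 Forbidden.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>

# Same protection for .ini style configuration files (assumed pattern).
<FilesMatch "\.ini$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# These rules are checked only when Apache serves a URL. PHP's include and
# require read the file straight from disk, so scripts can still load it.
#
# .htaccess is honoured only if the server configuration permits it:
# AllowOverride must include AuthConfig (for Require) or Limit (for
# Order/Deny). With "AllowOverride None" this file is ignored.
```

After deploying it, request the config file's URL directly and confirm the response is 403; a 200 means the `.htaccess` file is not being applied.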