Page 1 of 1

newbie question on php security

Posted: Wed Jun 26, 2002 1:38 am
by Braendan
Hi,

Sorry bout this post. You know when you write a php script and you place that

Code: Select all

$connect=@mysql_connect("localhost","username","password") or die ("couldnt connect to sql server");
How safe is this ?

When a user uses a programme which does a grab of this entire site i think the user will be able to see the whole script or am i wrong ?

Is putting all the username/password/db settings in a seperate file and including it the only option ?

Best Regards
Braendan

Posted: Wed Jun 26, 2002 2:10 am
by twigletmac
PHP code is server-side, that means that it is executed before it reaches the browser and the user doesn't see any PHP in the source code. So if your server is set-up to parse all files with the extension .php as PHP and your files have this extension then you don't have to worry, all the user will see is HTML and depending what else you use maybe some CSS and Javascript.

Mac

Posted: Wed Jun 26, 2002 2:13 am
by Braendan
thanks a lot :)