Create a new text file and enter your mysql server userid and pass info:
Code: Select all
SetEnv DB_USER “your_username”
SetEnv DB_PASS “your_password”
Save this flle and give it name, such as db_info. When you save it, make sure you save it
outside your document root. So, for example, if your server path it:
then create a new directory (for this example, I made new directory called
inc) and save the file in the new directory:
Now, you need to edit your httpd.conf file, and add this line:
Code: Select all
Include “/user/www/domain.com/inc/db_info”
Now, to use your userid and password in your scripts use:
Code: Select all
UserID: $_SERVERї'DB_USER']
Password: $_SERVERї'DB_PASS']
This makes your scripts more secure now because you never have to use your userid and password in any of you scripts. And you dont have to include anything as well, so even if someone was able to get your source code, they would not get your mysql userid and pass. And your db_info file is outsite of your document root path and is not acceable to outside users. Just be carefull not to use
phpinfo() or
print_r($_SERVER) as it will expose your userid and password variables.