includes folder

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
johnhelen
Forum Commoner
Posts: 45
Joined: Mon Feb 19, 2007 9:17 pm

includes folder

Post by johnhelen »

Hello all

in my php web, I have

Code: Select all

htdocs
  index.php
  ...
includes
  database.inc (in this file, I have variable for database name, username, password)
  ...
And then in the index.php file, I have

Code: Select all

<?php

   include ('../includes/database.inc');

   $from_url = $_SERVER["HTTP_HOST"].$_SERVER['REQUEST_URI'];
   ....
   ....

?>
All of this is correct? Can someone see the username and password that I declare in database.inc file ????

Many thanks

sho
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

No, they cannot. Nobody can see your PHP code... even if it's in a public folder. They can see what the php produces (HTML or such), but not the code.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

They'd be able to see it if they call the .inc file and the server is not configured to prevent it. You should always store those types of details in the PHP file (or a file that is protected with PHP code). If you are not distibuting your code, there is nothing wrong with coding the credentials into your connection function.
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

ah, yes. I did not see that the database.inc file didn't have a .php extension. if this were a php file (database.inc.php) then nobody could see your stuff.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
johnhelen
Forum Commoner
Posts: 45
Joined: Mon Feb 19, 2007 9:17 pm

Post by johnhelen »

Thanks all for fast and great help
Post Reply