Page 1 of 1

includes folder

Posted: Tue Mar 13, 2007 6:15 pm
by johnhelen
Hello all

in my php web, I have

Code: Select all

htdocs
  index.php
  ...
includes
  database.inc (in this file, I have variable for database name, username, password)
  ...
And then in the index.php file, I have

Code: Select all

<?php

   include ('../includes/database.inc');

   $from_url = $_SERVER["HTTP_HOST"].$_SERVER['REQUEST_URI'];
   ....
   ....

?>
All of this is correct? Can someone see the username and password that I declare in database.inc file ????

Many thanks

sho

Posted: Tue Mar 13, 2007 6:28 pm
by s.dot
No, they cannot. Nobody can see your PHP code... even if it's in a public folder. They can see what the php produces (HTML or such), but not the code.

Posted: Tue Mar 13, 2007 6:29 pm
by RobertGonzalez
They'd be able to see it if they call the .inc file and the server is not configured to prevent it. You should always store those types of details in the PHP file (or a file that is protected with PHP code). If you are not distibuting your code, there is nothing wrong with coding the credentials into your connection function.

Posted: Tue Mar 13, 2007 6:32 pm
by s.dot
ah, yes. I did not see that the database.inc file didn't have a .php extension. if this were a php file (database.inc.php) then nobody could see your stuff.

Posted: Tue Mar 13, 2007 6:42 pm
by johnhelen
Thanks all for fast and great help