how to store database connection details?HOST,USERNAME,PASS

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
User avatar
raghavan20
DevNet Resident
Posts: 1451
Joined: Sat Jun 11, 2005 6:57 am
Location: London, UK
Contact:

how to store database connection details?HOST,USERNAME,PASS

Post by raghavan20 »

I used to pass database connection details from the same file I am running the script.
Now, I think that its not a good idea.
I am looking for suggestions where to store database connection details...like in a file???
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

first, I'd use a database abstraction class layer. This allows you to store the connection information there, or what I prefer, in a configuration file that is outside the webroot. A lot of hosts don't allow access outside the webroot to scripts however.
User avatar
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

Have a look at the registry pattern. Designed to store data in a globally accessible way.
User avatar
jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Post by jayshields »

what feyd said is best, storing it in a php file outside of the web root, that is, if you have access to it.
Lobster
Forum Newbie
Posts: 4
Joined: Sat Sep 10, 2005 3:55 pm

Post by Lobster »

Even if you haven't got access to anything outside the webroot, you're still fairly safe with a php file so long as it's guaranteed to be parsed. Just to be sure (you never know what might happen if php gets damaged/reinstalled) I put a Deny from all on the file using .htaccess
User avatar
Buddha443556
Forum Regular
Posts: 873
Joined: Fri Mar 19, 2004 1:51 pm

Post by Buddha443556 »

On shared servers, your trusting your neighbors. Basically, if one of your neighbors can guess the name and path of your config file it's theirs for the taking. Shared servers are not safe.

Having said that, Feyd's suggestion is best followed by Lobster's.
User avatar
sweatje
Forum Contributor
Posts: 277
Joined: Wed Jun 29, 2005 10:04 pm
Location: Iowa, USA

Post by sweatje »

My situation may be different than most, but I will pass it on anyway in case someone can benefit from it. I have a number of databases (5-10) which I regularly connect to in various application. What I ended up doing was writing a parameterized Factory function into my database connection library. I happen to favor ADOdb as a database access layer, so by passing a string identifying which database I need to connect to, the Factory returns an ADOdb Connection already connected to the correct resource. If connection information changes (user names, hosts, etc.), I change them only in my standard db connection include and every application continues to work.

HTH
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

A lot of Model classes use an instance of the DAO class. The DAO class is a wrapper around ADODB (some extra SQL generation etc..) and accepts a DSN string and the table name in the constructor..

Because, i don't want all my Model classes to call new DAO(.., ...) for maintenance issues (dsn changes or dao is replaced by DAO2) i have a Configuration class... This class is responsible to generate the DAO that a Model class requires..

Here is how that Configuration class looks like...

Code: Select all

/**
 * This class represents a Configuration container
 *
 * @author      Tim Van Wassenhove <timvw@users.sourceforge.net>
 */
class Configuration
{
    /**
     * Returns an appropriate DAO
     *
     * @param string $name the name of the DAO
     * @return DAO an instance of the DAO
     */
    function getDAO($name = '')
    {
        require_once(TVW_EXT . '/timvc/dao.php');
        $dsn = 'mysql://user:password@example.com/dbname';

        switch($name)
        {
                case 'messages':
                        $table = 'message';
                        $dao = new DAO($dsn, $table);
                        break;

                case 'feeds':
                case 'feedcontents':
                default:
                        $table = $name;
                        $dao = new DAO($dsn, $table);
                        break;
        }

        return $dao;
    }
}
And now implementations of a Model can use that as following:

Code: Select all

class Users extends Model
{
  function __construct()
  {
     $this->dao = Configuration::getDao('users');
     parent::Model($dao);
  }
}
User avatar
raghavan20
DevNet Resident
Posts: 1451
Joined: Sat Jun 11, 2005 6:57 am
Location: London, UK
Contact:

Post by raghavan20 »

Thanks for replies guys. as far as now, I have a hosting company where I host my sites so I dont have access to documents out of wwwroot myself. I will store the database connection in one php file which will have a function and return an array of hostname, username & password.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

why not use a database abstraction layer so you don't have to care about the host, user and password? Just tell it to connect.. and it knows how.. :?
Post Reply