
Database passwords

Posted: Mon Oct 10, 2005 12:17 pm
by Luke
When I connect to a mysql database, I always just put the user and password in a php file, and include that file for any page I connect on... so here is the user and password file...
dbvars.php:

<?php
$dbhost = "localhost";
$GLOBALS['dbhost'] = $dbhost;

$dbuser = "username";
$GLOBALS['dbuser'] = $dbuser;

$dbpass = "password";
$GLOBALS['dbpass'] = $dbpass;
?>
And here is the file I include it in:
database.php

<?php
include("dbvars.php");
if(mysql_connect($GLOBALS['dbhost'], $GLOBALS['dbuser'], $GLOBALS['dbpass'])){
    //Do whatever with the connection.
}
?>
Is there a better or more secure way to do this? I know storing my database password in a php file isn't very secure, how do you all do it?

Posted: Mon Oct 10, 2005 12:18 pm
by Charles256
i tend to make all of my connections i need on one page and include that page at the top of every page i need it on without using global variables :-/

Posted: Mon Oct 10, 2005 12:19 pm
by Luke
What do you mean?

Posted: Mon Oct 10, 2005 12:25 pm
by Charles256
dbconnect.php

$db="host";
$user='user';
$pass='pass';
mysql_connect($db,$user,$pass);
make some database connections..
any page i need to manipulate database info.php :-D

include("dbconnect.php");
tada

Posted: Mon Oct 10, 2005 12:29 pm
by Luke
So you basically do what I do... isn't that a security issue having the database password included in your file?

Posted: Mon Oct 10, 2005 12:32 pm
by Charles256
there's a difference. i don't use global variables..i don't like em:-/ and not really. i've NEVER seen it done any way else.

Posted: Mon Oct 10, 2005 12:43 pm
by John Cartwright
One armed space goat wrote: So you basically do what I do... isn't that a security issue having the database password included in your file?
Depends, are you on a shared host? If you aren't then no one will be able to access your files.
Don't get me wrong, shared hosts can be configured (properly) to prevent this.. depends on your host.

Secondly, regarding your use of GLOBALS, they are generally bad to use. Why don't you simply move your mysql_connect into your include file and eliminate the globals altogether?

3000th post :twisted:
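
Added example, not part of any post in this thread: one way to act on the two points above, keeping the credentials in a file outside the web root, refusing to use it if other accounts on a shared host can read it, and connecting inside a function so nothing lands in $GLOBALS. It uses mysqli rather than the thread's mysql_connect; the function names, the INI key names and the private/db.ini path are assumptions, and the permission check assumes PHP runs as the account that owns the file.

```php
<?php
// db.php - added example. Assumed config file, kept outside the web root:
//   host = localhost
//   user = username
//   pass = password
//   name = mydb

/** Read the credentials and reject a file other accounts could read. */
function load_db_config(string $path): array
{
    $perms = @fileperms($path);
    if ($perms === false) {
        throw new RuntimeException("Config file not found: $path");
    }
    // Any group/other permission bit exposes the password on a shared host.
    if (($perms & 0077) !== 0) {
        throw new RuntimeException("Config file must be mode 0600 or stricter: $path");
    }
    // INI_SCANNER_RAW: values are not interpreted as booleans, constants, etc.
    $cfg = parse_ini_file($path, false, INI_SCANNER_RAW);
    if ($cfg === false) {
        throw new RuntimeException("Config file is not valid INI: $path");
    }
    foreach (['host', 'user', 'pass', 'name'] as $key) {
        if (!isset($cfg[$key])) {
            throw new RuntimeException("Missing '$key' in $path");
        }
    }
    return $cfg;
}

/** Open the connection here so no credential variable stays in global scope. */
function db_connect(string $configPath): mysqli
{
    $cfg = load_db_config($configPath);
    // Throw exceptions on connection or query errors instead of returning false.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $db = new mysqli($cfg['host'], $cfg['user'], $cfg['pass'], $cfg['name']);
    $db->set_charset('utf8mb4');
    return $db;
}

// Usage from a page (assumed layout: "private" sits beside the document root):
// $db = db_connect(dirname($_SERVER['DOCUMENT_ROOT']) . '/private/db.ini');
```

Because the file is not PHP and sits outside the document root, a misconfigured server that stops executing .php files cannot serve it as plain text.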

Posted: Mon Oct 10, 2005 12:56 pm
by Luke
alrighty.

Posted: Mon Oct 10, 2005 8:02 pm
by Skara
Things like that work better (for me) if I define them rather than set them as variables. Variables are meant to be changed--which is why they're called vary-ables. :P

define('MYSQL_USER','username');
echo MYSQL_USER;
;)

Posted: Tue Oct 11, 2005 11:18 am
by Luke
Skara wrote: Things like that work better (for me) if I define them rather than set them as variables. Variables are meant to be changed--which is why they're called vary-ables. :P

define('MYSQL_USER','username');
echo MYSQL_USER;
;)
Cool, I forgot all about defining... I'll have to use that. Thanks :)