Is this a secured method? Any other suggestion? Thanks!!!PHP-MySQL Security
As far as security goes it might be a good idea to pull your password out of your script. This can be done fairly easily.
I would recommend creating a "data" directory with a 'data.php' file in it. The contents of data.php would be something like this:
<?php
$username='jlockard';
$password='my_password';
$servername='sqldb.si.umich.edu';
?>
in the data directory you'd have a .htaccess file that contained:
<FILESMATCH "\.php$">
order deny,allow
deny from all
</FILESMATCH>
Then, in your regular php scripts, you'd do something like this:
<?php
include("data/data.php");
$db = mysql_connect($servername, $username, $password) or die("Could not connect: " . mysql_error());
mysql_select_db($username, $db);
.... etc ...
?>
Database Security
Moderator: General Moderators
Database Security
I quote from here: http://www.si.umich.edu/SICOMPOLD/howto ... curity.php
Thanks feyd,feyd wrote:It adds a razor thin layer of security, and I do mean razor thin. If php is executing properly and the files are named correctly, The username, et al, couldn't be pulled from off server. This protection does not prevent someone on the server from getting the files.
Please explain "off server" vs "on server" people. Can you guild me to a better way?