Database Security
Posted: Wed Aug 23, 2006 9:08 am
I quote from here: http://www.si.umich.edu/SICOMPOLD/howto ... curity.php
Is this a secured method? Any other suggestion? Thanks!!!PHP-MySQL Security
As far as security goes it might be a good idea to pull your password out of your script. This can be done fairly easily.
I would recommend creating a "data" directory with a 'data.php' file in it. The contents of data.php would be something like this:
<?php
$username='jlockard';
$password='my_password';
$servername='sqldb.si.umich.edu';
?>
in the data directory you'd have a .htaccess file that contained:
<FILESMATCH "\.php$">
order deny,allow
deny from all
</FILESMATCH>
Then, in your regular php scripts, you'd do something like this:
<?php
include("data/data.php");
$db = mysql_connect($servername, $username, $password) or die("Could not connect: " . mysql_error());
mysql_select_db($username, $db);
.... etc ...
?>