I'm quite new to PHP and have a basic idea of SQL...creating/modifying tables etc.
Here's what i'd like to know.
I have two pages - search.html and search.php. I also have an SQL database on which I want to perform searches using the textfield and submit button on the search.html page. Now, you obviously know I would connect to my database using the search.php page with the following code:
Code: Select all
<?php
$con = mysql_connect("localhost","username","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
// some code
?>
If yes then how do I make sure my DB password and username remain safe? Afterall, the search.php file has to be out there online with that code in it and someone could gain access to my database using those details.
Below are the contents of my search.html file:
Code: Select all
<form method="post" action="Search.php">
Search Database:
<input type="Text" name="Search" size="20" maxlength="30">
<input type="Submit" name="submit" value="Search">
</form>
Thank you for any help guys. I'm not really a pro but I do understand most things.