Database password security using mysql_connect
Posted: Tue Jun 09, 2009 7:45 am
Hello,
I'm quite new to PHP and have a basic idea of SQL...creating/modifying tables etc.
Here's what i'd like to know.
I have two pages - search.html and search.php. I also have an SQL database on which I want to perform searches using the textfield and submit button on the search.html page. Now, you obviously know I would connect to my database using the search.php page with the following code:
Of course this is the code for when I'm on localhost and all the files and the databases are on my PC. The actual question here is that when I upload the search.html and the search.php to the webserver online, will someone be able to get access to the search.php page and see my database username and password in it within $con = mysql_connect("localhost","username","password") ?
If yes then how do I make sure my DB password and username remain safe? Afterall, the search.php file has to be out there online with that code in it and someone could gain access to my database using those details.
Below are the contents of my search.html file:
I'm also using $_POST in my search.php page.
Thank you for any help guys. I'm not really a pro but I do understand most things.
I'm quite new to PHP and have a basic idea of SQL...creating/modifying tables etc.
Here's what i'd like to know.
I have two pages - search.html and search.php. I also have an SQL database on which I want to perform searches using the textfield and submit button on the search.html page. Now, you obviously know I would connect to my database using the search.php page with the following code:
Code: Select all
<?php
$con = mysql_connect("localhost","username","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
// some code
?>
If yes then how do I make sure my DB password and username remain safe? Afterall, the search.php file has to be out there online with that code in it and someone could gain access to my database using those details.
Below are the contents of my search.html file:
Code: Select all
<form method="post" action="Search.php">
Search Database:
<input type="Text" name="Search" size="20" maxlength="30">
<input type="Submit" name="submit" value="Search">
</form>
Thank you for any help guys. I'm not really a pro but I do understand most things.