?Put connection data where users can't access it directly?

Codes here !

Moderators: macek, egami, gesf

azw
New php-forum User
New php-forum User
Posts: 41
Joined: Fri Oct 11, 2002 9:13 pm
Contact:

?Put connection data where users can't access it directly?

Postby azw » Fri Nov 01, 2002 11:13 pm

Hi,

In several PHP pages I use the same lines to set up a connection to a mySQL database.

// set variables for database
$Host = "localhost";
$User = "xxx";
$Password = "yyy";
$DBName = "zzz";
$TableName = "aaa";

I'd rather put this somewhere besides in a php file, since it contains my username and password.

Is it possible to use an option file with a php file? It looks to me as though option files are only usable with the command line or batch scripts.

It would be possible to put these in a php file and then call it with the php require function. That'd be okay if I could place this above (or maybe it's below?) my home directory. Unfortunately, with Discount-Hosting I don't have access to anything higher than my home directory. Am I right in assuming that this kills that method?

Any other ideas on how to do this?

Thanks!
Art

DoppyNL

Postby DoppyNL » Sat Nov 02, 2002 12:25 am

You can use the function include to include other files in your script. If you want to terminate processing when the file is not available you can use require.
Put the login information in another file and include that in all the files you need your database.
give that file the extention .php, that way your password will not be exposed when someone finds that file.

Greetz Daan

Jay

Postby Jay » Sat Nov 02, 2002 2:36 am

Why would you want to do that? No-one except anyone with direct FTP access can view anything stored in your PHP file, because it gets parsed if called via HTTP. I don't see what you stand to gain.

DoppyNL

Postby DoppyNL » Sat Nov 02, 2002 2:40 am

azw wanted his database-login-code to be in only one file instead of multiple files.
It's very simple to include a login.php script for your database in all those files, then when your database settings change, you only have to change one file.
You need to call it .php so it gets parsed, rather then displayed.

Greetz Daan

Jay

Postby Jay » Sat Nov 02, 2002 3:14 am

OIC, it was this that got me "I'd rather put this somewhere besides in a php file, since it contains my username and password.", I thought he was on about security!

azw
New php-forum User
New php-forum User
Posts: 41
Joined: Fri Oct 11, 2002 9:13 pm
Contact:

Postby azw » Sat Nov 02, 2002 8:16 am

Hi,

You're both right. I was concerned with both security and ease of change. Once again, I appreciate your help!

If I don't have to worry about just putting them in the xxx.php file, I can do that.

Thanks!

Art


Return to “mySQL & php coding”

Who is online

Users browsing this forum: No registered users and 0 guests