where to store mysql_connect username and password

Codes here !

Moderators: egami, macek, gesf

Post Reply
Romantik
New php-forum User
New php-forum User
Posts: 67
Joined: Mon Feb 24, 2003 2:55 am
Location: ../Ukraine/Kherson
Contact:

Tue Feb 25, 2003 12:52 am

Code: Select all

<? # config.php
$dbName=  "dbName";
$dbUser=    "dbUser";
$dbPass=    "dbUserPass";
$dbServer=  "dbServer";

$dbh= mysql_connect(....)or die(...);
$res= mysql_select_db(.....)or die(...);
?>
// We bear this file for limits server
<? #YourScript.php
require_once("YourPath/config.php");
// Your Code
?>
PHP+MySql= Love :)

Oleg Butuzov
Last Samuray
Last Samuray
Posts: 824
Joined: Sun Jun 02, 2002 3:09 am

Tue Feb 25, 2003 7:07 am

just do it... test it.

pootergeist
New php-forum User
New php-forum User
Posts: 191
Joined: Wed Jan 29, 2003 7:11 am
Location: UK
Contact:

Tue Feb 25, 2003 2:45 pm

you probably just want to put it beyond public access and sling a .htaccess in the folder to assure calling headers included your domain as the request_uri
avatar image based upon nasas apod (only updates if I post though)

User avatar
Redcircle
Moderator
Moderator
Posts: 826
Joined: Tue Jan 21, 2003 10:42 pm
Location: Michigan USA
Contact:

Tue Feb 25, 2003 6:47 pm

on a shared server there is really not much you can do.

Oleg Butuzov
Last Samuray
Last Samuray
Posts: 824
Joined: Sun Jun 02, 2002 3:09 am

Tue Feb 25, 2003 10:40 pm

mindows wrote:i know the above code works, nike. my problem is that *anyone* on that system can read the config.php file.


1) Who is nike?
2) Anyone can read vars from script if thay using your server...

User avatar
Redcircle
Moderator
Moderator
Posts: 826
Joined: Tue Jan 21, 2003 10:42 pm
Location: Michigan USA
Contact:

Wed Feb 26, 2003 12:57 am

amallah wrote:So, if you run a web hosting service, pretty much security is down the drain? Are we saying that PHP is not meant for professional hosting then? If I have a database of user credit card numbers, then it's pretty much a free for all if you can get any type of access to the box?


It all depends on how the server has thier configuration. Most systems it is secure enough to make it difficult for people to get into and have resrictions from people accessing scripts cross domain. What I would do for your config.inc.php is make a dir behind the public_html. The only thing is no system is hacker proof. Credit Cards should NEVER be stored on a shared server. no exceptions.

Post Reply