secure mysql connection

R

rsbypi4

New member
Is there other way to hide the password of mysql inside in PHP.
I have some example,

PHP: 
<?php
$dbuser="root";
$dbpass="12345";//-----secure password
$host="localhost";
$db="Student";
$mysqli=new mysqli($host,$dbuser, $dbpass, $db);
?>

is there other trick's to hide this password?

I don't know also if the way calling of connection is secure.

PHP: 
include('./vendor/inc/Config.php');

if you have some best idea or other way to secure MySql connection, advance thank you so much.
 
Last edited:
rsbypi4 said:
Is there other way to hide the password of mysql inside in PHP.
I have some example,

PHP: 
<?php
$dbuser="root";
$dbpass="12345";//-----secure password
$host="localhost";
$db="Student";
$mysqli=new mysqli($host,$dbuser, $dbpass, $db);
?>

is there other trick's to hide this password?

I don't know also if the way calling of connection is secure.

PHP: 
include('./vendor/inc/Config.php');

if you have some best idea or other way to secure MySql connection, advance thank you so much.
Click to expand...
Instead of hardcoding the database username and password, I utilized environment variables (getenv()). This approach allows you to store sensitive information outside of your codebase, reducing the risk of exposing credentials in version control systems. You can set these environment variables in your server configuration or in a .env file if you are using a library like phpdotenv.
I added a check for connection errors using $mysqli-&gt;connect_error. This ensures that if the connection fails, the script will terminate gracefully with an informative message, rather than allowing the script to continue running in an undefined state.
The use of the null coalescing operator (?: provides a fallback to default values for development purposes. However, in a production environment, it is crucial to ensure that the environment variables are set correctly.

Code: 
<?php
// Securely retrieve database credentials from environment variables
$dbuser = getenv('DB_USER') ?: 'root';
$dbpass = getenv('DB_PASS') ?: '12345'; // Default for development, should be set in environment
$host = 'localhost';
$db = 'Student';

// Create a new mysqli instance with error handling
$mysqli = new mysqli($host, $dbuser, $dbpass, $db);

// Check for connection errors
if ($mysqli->connect_error) {
    die('Connection failed: ' . $mysqli->connect_error);
}
?>
 
You must log in or register to reply here.
Back
Top