Is it safe to use php_include file for mysql login information or is it better to copy/paste the login info for mysql on every page? If you go with php_include, how will you block that file from being seen?
+4
A:
Use an include with the .php include set outside the html root (usually /var/www or public_html)
Gazler
2010-09-13 18:28:31
@Gazier. Thanks for the response but new to the game. Not sure what you mean.
AAA
2010-09-13 18:31:10
Where is your document root? As in, the folder you upload to which http://yoursite.com points to? Put it somewhere above that folder.
Gazler
2010-09-13 18:32:39
You mean to put it in any folder or section other than where the website content is uploaded?
AAA
2010-09-13 18:45:00
nope. Sessions work by creating a unique identification(UID) number for each visitor and storing variables based on this ID. This helps to prevent two users' data from getting confused with one another when visiting the same webpage.
poscaman
2010-09-19 10:45:52
A:
Even if that file is in the public_html it shouldn't echo/display the information nor be downloadable by browser so you are okay in that regard. You can block directory access to where it is with the httpd/apache2.conf file or .htaccess assuming this is an apache server.
Also I've been told by some devs before to use require_once instead but that's up to you.
Brian Huenefeld
2010-09-13 18:32:37
@brian thanks for the response. How do you configure the apache2.conf file to block files from being downloaded via the browser or any other way?
AAA
2010-09-13 18:37:15
That's a bit more complicated, but try an .htaccess file first because it's much simpler. Place a file called ".htaccess" inside of the same directory as the included php file.
Brian Huenefeld
2010-09-13 18:47:39
"deny from all" should be the file's contents, this is a great resource -> http://www.htpasswdgenerator.com/apache/htaccess.html
Brian Huenefeld
2010-09-13 18:49:25
A:
Create a connection.php
<?php
$host = "localhost"; //server
$user = "user"; //username
$pass = "pass"; //password
$db = "db1"; //database
$con = @mysql_connect($host,$user,$pass); //connection
if(!$con){
    die("Could Not Connect to $host: ".mysql_error());
} //if NOT connected force error
$db_select = @mysql_select_db($db); // database connection
if(!$db_select){
    die("Could Not Select $db: ".mysql_error());
} //if NOT connected force error
Put this file connection.php outside your /www or /public_html folder
Add
require_once("../whereeverthismaybe/connection.php");
as the first line on every page you need it for.
-jt
taylorjes
2010-09-13 18:41:09
Thanks Taylor. When you say put this outside any of your public_html folder, you mean a separate folder that doesn't have any website files right?
AAA
2010-09-13 18:44:33
Yes, and a folder that has no "access" from the web. A typical structure would be home/{files/folders}/public_html for your website. Anything "above" the public_html will not be accessible from the web, but when the .php is processed internally your web files will have access. This prevents unauthorized access to your login information.
taylorjes
2010-09-13 18:48:30
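The layout described in the answer above, as an added example that is not part of the original thread: a credentials file kept beside (not under) public_html, with a guard that refuses to load it from inside the document root. The function names, the private/ directory and the array-returning config file are assumptions made for the demo, and the layout is built in a temp directory so the script runs on its own.

```php
<?php
// Added example, not from the thread. Function names and the temp layout are hypothetical.
// True when $path resolves to a location under $root.
function is_inside(string $path, string $root): bool
{
    $path = realpath($path);
    $root = realpath($root);
    if ($path === false || $root === false) {
        throw new RuntimeException('path does not exist');
    }
    // Trailing separator so /home/u/public_html_old is not treated as a
    // child of /home/u/public_html.
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path . DIRECTORY_SEPARATOR, $root, strlen($root)) === 0;
}

// Loads a credentials file that returns an array, but only from outside the web root.
// In a real page, pass $_SERVER['DOCUMENT_ROOT'] as $docRoot.
function load_db_config(string $file, string $docRoot): array
{
    if (is_inside($file, $docRoot)) {
        throw new RuntimeException('credentials file is inside the document root');
    }
    return require $file;
}

// Constructed layout: <home>/private/connection.php and <home>/public_html/connection.php
$home = sys_get_temp_dir() . '/demo_home_' . getmypid();
mkdir("$home/public_html", 0755, true);
mkdir("$home/private", 0700, true);
$cfg = "<?php\nreturn ['host' => 'localhost', 'user' => 'user', 'pass' => 'pass', 'db' => 'db1'];\n";
file_put_contents("$home/private/connection.php", $cfg);
file_put_contents("$home/public_html/connection.php", $cfg);

$config = load_db_config("$home/private/connection.php", "$home/public_html");
echo "loaded settings for database {$config['db']}\n";

try {
    load_db_config("$home/public_html/connection.php", "$home/public_html");
} catch (RuntimeException $e) {
    echo "refused: {$e->getMessage()}\n";
}

// Remove the constructed files.
foreach (['private', 'public_html'] as $dir) {
    unlink("$home/$dir/connection.php");
    rmdir("$home/$dir");
}
rmdir($home);
```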