Safe place to store php values for msql_connect?

Question

Safe place to store php values for msql_connect?

Was it the safest place to store my values to be used in mysql_connect, as well as the safest way to name this variable is it better to use require, include, or something else?

thank:)

+4

security php mysql

Oliver bayes-shelton Feb 18 '10 at 10:38

source share

2 answers

, :

, - . , PHP .
config.php . :

$databases = array(
      "read" => array("host" => "127.0.0.1", 
                      "user" => "read", 
                      "pword"=> "secret",
                      "dbase"=> "projectName"));

PDO ( ) Database, .

class Database extends PDO{
  function __construct($database){
    global $databases;
    $db = $databases[$database];
    parent::__construct("mysql:dbname=".$db['dbase'].";host=".$db['host'], 
                        $db['user'], $db['pword']);
  }
}

, . , ( ).

+1

Marius 18 . '10 10:52

Pekka 웃 · Accepted Answer · 2010-02-18T10:40:42+0000

The best place to store it IMO is in the PHP file (regardless of whether you use it requireor includeit doesn’t matter) outside the root website, i.e. not directly available in the browser.

<?php

  $db_server = "xyz";
  $db_user = "def";
  $db_password = "abc";

?>

If there is no access outside the web root

@Yacoby wrote this in his answer. He has deleted it since then, but it is definitely worth mentioning.

-, -. - .htaccess, Deny from All. . , , 403 Forbidden.

Safe place to store php values ​​for msql_connect?

More articles:

Safe place to store php values for msql_connect?