Geek Answers Handbook

PHP5 database password and can it be stolen?

Hi guys, I am new to php and I found that to connect to the database you enter your password directly into the .php file ("mysql_connect ($ host, $ user, $ pass, $ db"). I read about hashing and I'm going to use hashing, but the question is whether the user can download the precompiled .php file and look at the source code and therefore get my database password. If it says "domain / home", I have index.php file , which prevents the user from entering the directory. Thank you in advance.

+5
source share
4 answers

As mentioned by other respondents, this should usually not be a problem, as users will not be able to see the PHP code. If, however, you plan to share the code with others, it may be a bit of a hassle to remove the username and password before sending it to someone (and if you forget that they will recognize your password).

So you can put the information in a file and then read it in PHP. For example, create a file with a name mysql.iniin your home directory and put the following information in it:

host     = "127.0.0.1"
username = "user"
password = "pass"
database = "db"

Then read it in PHP and plug in, for example:

$settings = parse_ini_file('/home/mysql.ini');
mysql_connect($settings['host'], $settings['username'], $settings['password'], $settings['database']);

Remember to make sure that the file is located in a section of the web server that is not publicly accessible, otherwise people will be able to read your registration information.

+3
source

MySQL - . , . ( , ) - , , .

, , mysql_connect , require , .

config.php , , , config.php .

+3

.php

mod_php, - ( -) , - , , PHP. -, - , -.

, ; . , . - , / . , , , , .

- , , . - . , , .

+3

php- - . php-? ​​ . -, - , php .

+2

More articles:


All Articles