nameez Posted January 28, 2009 Share Posted January 28, 2009 i'm learning PHP and seems its common to hardcode DB username and pass in the connection page. How secure is this? what other steps can for the safety of my database? Also can i connect to multiple DB's and work using data from them in PHP? Link to comment https://forums.phpfreaks.com/topic/142801-hard-coding-db-username-and-pass-in-php/ Share on other sites More sharing options...
trq Posted January 28, 2009 Share Posted January 28, 2009 As long as your username and pass are stored in variable they can not be displayed while your server is processing php properly. Another option is to move them outside of your web root all together though. Also can i connect to multiple DB's and work using data from them in PHP? Yes, see mysql_connect. Link to comment https://forums.phpfreaks.com/topic/142801-hard-coding-db-username-and-pass-in-php/#findComment-748504 Share on other sites More sharing options...
nameez Posted January 28, 2009 Author Share Posted January 28, 2009 Another option is to move them outside of your web root all together though. Thanks thorp.is there any tutes or instruction on how to do it? sry if i sound dumb but i'm just learning things.. Link to comment https://forums.phpfreaks.com/topic/142801-hard-coding-db-username-and-pass-in-php/#findComment-748513 Share on other sites More sharing options...
trq Posted January 28, 2009 Share Posted January 28, 2009 Not really something you would find a tutorial on. Heres a simple explination. [pre] /home/username /home/username/htdocs <-- your web root. credentials.php [/pre] Now, if you have a file (index.php) in your web root you would use the following to include the credentials file. include "../credentials.php"; Another option is to place your username and passwords in your .htaccess file. if the server is configured properly this shouldn't be readable via the web. .htaccess SetEnv DB_UNAME foo SetEnv DB_UPASS bar Then in php these variables are accessible using.... $db_uname = $_SERVER['DB_UNAME']; $db_upass = $_SERVER['DB_UPASS']; Link to comment https://forums.phpfreaks.com/topic/142801-hard-coding-db-username-and-pass-in-php/#findComment-748550 Share on other sites More sharing options...
nameez Posted January 28, 2009 Author Share Posted January 28, 2009 Not really something you would find a tutorial on. Heres a simple explination. [pre] /home/username /home/username/htdocs <-- your web root. credentials.php [/pre] Now, if you have a file (index.php) in your web root you would use the following to include the credentials file. include "../credentials.php"; Another option is to place your username and passwords in your .htaccess file. if the server is configured properly this shouldn't be readable via the web. .htaccess SetEnv DB_UNAME foo SetEnv DB_UPASS bar Then in php these variables are accessible using.... $db_uname = $_SERVER['DB_UNAME']; $db_upass = $_SERVER['DB_UPASS']; Thanks ill try that Link to comment https://forums.phpfreaks.com/topic/142801-hard-coding-db-username-and-pass-in-php/#findComment-748556 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.