Correct way to connect to MYSQL

[ejaboneta]

So right now, I have a php file with the mysql username, pass, etc. and a php file with the mysql connection code. My index file includes both to connect.

 

Is there a better way to do it for any reason? I'm trying to learn about security.

[aliento]

there is only one way

and there are no security risk by the code

[The Little Guy]

Why don't you have them all in one file?

[haku]

The most secure way to do this is to keep your username, password, and host set in variables in a file above the document root. So for example, if your document root is /public_html/, then you would want to put the three variables in a file in the folder that /public_html/ is contained in. Then in your database connection you can include that file. So for example, you could create db_variables.php, and in that have this:

 

define('HOST', 'localhost');
define('USERNAME', 'username'); // change the lowercase 'username' to your actual username
define('PASSWORD', 'password'); // change the lowercase 'password' to the actual password

 

Then you include that file before your database connection:

 

include('../db_variables.php');
db_connect(HOST,USERNAME,PASSWORD);

 

(note: the above code is for a file that is in the document root - i.e the public_html folder, not a subfolder of that).

 

 

[Dtonlinegames]

I usually use Haku's idea except one step further

 

I tend to use

 

define(MPASSWORD,'password',true);
define(MUSER,'username',true);
define(MSERVER,'localhost',true);
define(DB,'database',true);
define(MCONNECT,''.mysql_connect(MSERVER,MUSER,MPASSWORD.'',true);
define(DBCONNECT,''mysql_select_db(DB).'',true);

 

And as he says use it as an include from your root folder