Jump to content

including database connection

mattyvx

By mattyvx
in PHP Coding Help

 Share

Recommended Posts

mattyvx Member

mattyvx

Posted
Posted

All,

 

I'm thinking of having my database connection in a seperate file which I can include on the pages that need it using

 

include 'myfolder/myconnection.php';

 

does this leave me open to a security risk? I mean yer it removes the redundancy of typing out connect settings each time and makes it easier to regularly change your password but;

 

what if someone else finds the file and then includes it in an external page thus giving them access to my database... right?

Link to comment
https://forums.phpfreaks.com/topic/183253-including-database-connection/
Share on other sites
mattyvx Member

mattyvx

Posted
  • Author
Posted

I know its used alot but I was just thinking what if?....

 

Would they need to read it? Once its included on the page someone with abit of knowledge can run a few queries from an external site.

 

<?php

include 'http://www.mysite.com/connection.php";

// now they can run any query to my database

?>

 

the answer may well be no. Maybe if you call the file something inconspicuous then someone would never know what it was or find it... plus my connection files only have limited database access anyway

 

Just food for thought really...

MisterWebz Newbie

MisterWebz

Posted
Posted

I know its used alot but I was just thinking what if?....

 

Would they need to read it? Once its included on the page someone with abit of knowledge can run a few queries from an external site.

 

<?php

include 'http://www.mysite.com/connection.php";

// now they can run any query to my database

?>

 

the answer may well be no. Maybe if you call the file something inconspicuous then someone would never know what it was or find it... plus my connection files only have limited database access anyway

 

Just food for thought really...

I've never really thought about it that way.

I'm sure it wouldn't work, but i'm still curious to know why it wouldn't work.

Alex Advanced Member

Alex

Posted
Posted

It doesn't leave you open to any security risks, and it's done like this often for the exact purpose you stated, to avoid redundantly writing your connection in every file. People can't just include your connection file like that.

tarlejh Member

tarlejh

Posted
Posted

How would they be able to read your source code without cracking into your server? 

 

And why use "http://" in your path when you can include it from the filesystem rather than over TCP/IP?

 

Normally you'd want to keep your database configuration (e.g. constants defined in  "config.inc.php") above your web document root.

FaT3oYCG Member

FaT3oYCG

Posted
Posted

it wouldnt work as you need the login details for the server, in the settings in your connection file you should have defined the mysql server, usually as localhost so they will not be able to access your db as even if they did include they would need to know the functions and it would reference only to localhost anyway.

 

just to add, they cant re define any variables or functions either as you call the script each time it is required meaning that the functions would be re included each time this is done resetting the database settings etc.

trq Prolific Member

trq

Posted
Posted
it wouldnt work as you need the login details for the server, in the settings in your connection file you should have defined the mysql server, usually as localhost so they will not be able to access your db as even if they did include they would need to know the functions and it would reference only to localhost anyway.

 

This isn't why it wouldn't work. It wouldn't work because files included from a remote location only include the output of that script, not the variables, functions and classes themselves.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.