Creating a userID & Password file

[tcorbeil]

Hello again everyone.

 

I want to create an external script file that stores my user ID & password to access mySQL.. Is this the safest way to protect my info? having the main page call for the my personal info?

 

Also, if so, is there a way to create a php function using an external script? How would I go about?

 

Thanks.

T.

[per1os]

Why use an external script file. A config file stored on the server is usually pretty good. What I usually do is store my mysql data in an array after I initiate the mysql connection make that data null so it cannot be "accidently" printed to the screen.

 

Either way as long as the config file or the file where the password and information is stored is not writeable to the public you should be fine.

[tcorbeil]

Here's a question frost:

 

do you open an sql connection and keep it live all the time?

 

Also, how would you go about making this config file.. I'm having a hard time understanding that if I store the data on mysql, i still need to get it to open mysql which, where I'm opening the connection is on the main page.. a little nervous that someone would download the HTML and be able to retreive my info..  can you elaborate a little more on your concept pleasE?

 

much appreciated Sir.

 

T.

[per1os]

Its not really my concept, just basic scripting knowledge. Almost 90% of scripts use a config file. Even major ones like VBulletin.

 

<?php
// config.php
$config['dbUser'] = "username";
$config['dbPassword'] = "password";
$config['dbHost'] = "localhost";
$config['dbDatabase'] = "dbname";
?>

<?php
//main.php
include('config.php');

// Note I use a class here but for general uses this would work::
// resource mysql_connect ( [string $server [, string $username [, string $password [, bool $new_link [, int $client_flags]]]]] )
mysql_connect($config['dbHost'], $config['dbUser'], $config['dbPassword']);

//bool mysql_select_db ( string $database_name [, resource $link_identifier] )
// note the link is not really necessary as long as you only use this connection throughout the site.
mysql_select_db($config['dbDatabase']);

$config = null; // erase all database connection from memory.

?>

<?php
// index.php
include('main.php');

$qu = mysql_query("SELECT * FROM tblName");

while ($row = mysql_fetch_array($qu)) {
    print_r($row);
}
?>

 

Simple as that.

[tcorbeil]

I can't seem to get it working Frost..

 

Seems when I call the $config['xxxxxx']; in the main file, it does retrieve the value I assigned it in the config file.. as a result, it will not open mysql on the count of password or userid not valid...

 

any ideas?

 

Thanks.

[tcorbeil]

BTW, can't seem to figure out the index.php section of your script.. what is it used for? is this to retrieve data from the database?

 

 

[per1os]

You asked for an example of usage that is an example. The index.php portion is just showing you that as long as you include the main.php you can use mysql since the connection is open and you only need to include main.php once.

 

As for the values not being correct try this:

 

<?php
// config.php
$config['dbUser'] = "username";
$config['dbPassword'] = "password";
$config['dbHost'] = "localhost";
$config['dbDatabase'] = "dbname";
?>

<?php
//main.php
include('config.php');

// Note I use a class here but for general uses this would work::
// resource mysql_connect ( [string $server [, string $username [, string $password [, bool $new_link [, int $client_flags]]]]] )
mysql_connect($config['dbHost'], $config['dbUser'], $config['dbPassword']) or DIE(print_r($config, true));

//bool mysql_select_db ( string $database_name [, resource $link_identifier] )
// note the link is not really necessary as long as you only use this connection throughout the site.
mysql_select_db($config['dbDatabase']);

$config = null; // erase all database connection from memory.

?>

<?php
// index.php
require('main.php');

$qu = mysql_query("SELECT * FROM tblName");

while ($row = mysql_fetch_array($qu)) {
    print_r($row);
}
?>

 

changed the mysql_connect to this for test purposes:

mysql_connect($config['dbHost'], $config['dbUser'], $config['dbPassword']) or DIE(print_r($config, true));

 

to print out the config variables to make sure they are correct.

 

If that does not work post what you are using for the script.

[tcorbeil]

Thanks for you patience Frost..  Here is my script:

I also made the config file filling out all my appropriate info for the variables..  still not go.. If I put the config file locally as in the main page, it works no problem.. 

 

<?php

include("http://www.xxxxx.com/Global/config.php"); //where I located the config file...

mysql_connect(localhost, $config['dbUser'], $config['dbPassword']) or DIE(print_r($config, true)); //as you suggested..

//mysql_connect(localhost,$config["dbUser"],$config['dbPassword']); just REMing the original...

@mysql_select_db($config['dbDatabase']);

 

$config = null; // erase all database connection from memory.

 

$index_id= $_SERVER['SCRIPT_NAME'];

$pi = pathinfo($_SERVER['SCRIPT_NAME']);

 

$slash ="/";

$Root = $pi['dirname'];

$Root = $Root.$slash;

 

$query="SELECT * FROM `subcategories` WHERE link = '$Root'";

$result=mysql_query($query);

$num=mysql_numrows($result);

 

mysql_close();

[per1os]

Thats your first mistake, referencing it from the http://, it needs to be referenced on the server as config.php does not print any data it cannot be processed already.

 

Make the include local IE: include('/path/to/config.php'); and not ('http://www.virtualpath.com/to/config.php'); as the virtualpath does not contain the raw data.

[tcorbeil]

That did the trick! Thanks for your help Frost!

 

T.