
[SOLVED] mysql security fast question


asmith


I have added a line in MySQL for a user, like:

GRANT ALL On *.* to john@localhost IDENTIFIED BY "smith";

 

 

and in the "add user" page, I have

$connection = mysql_connect ("localhost","john","smith");

 

$sql= INSERT INTO table_name (username, password) values (....bla bla

mysql_query ($sql,$connection);

 

 

I wanted to know, when I upload such a file to my web site,

is there any way for someone to download this PHP code?

I mean, in this file I have clearly said that there is a user john with the password smith for my MySQL,

so can anyone download my PHP code to find this out?


The best way, I think, is to define your connection in a constant.php file, store it in a separate folder, not in the local directory, and include that file in your adduser.php page.

 

constant.php will have

 

<?php
// Credentials for the live server
define('SERVERHOST', 'localhost');
define('SERVERUSER', 'serveruser');
define('SERVERPASSWORD', 'yourpassword');
define('SERVERDATABASE', 'dbname');
// Credentials for the local development machine
define('LOCALRHOST', 'localhost');
define('LOCALUSER', 'root');
define('LOCALPASSWORD', '');
define('LOCALDATABASE', 'localdb');

// and use the connection like this
$sLocalHost = LOCALRHOST;
$sServerHost = SERVERHOST;
$sLocalUser = LOCALUSER;
$sLocalPassword = LOCALPASSWORD;
$sServerUser = SERVERUSER;
$sServerPassword = SERVERPASSWORD;
$sServerDatabaseName = SERVERDATABASE;
$sLocalDatabaseName = LOCALDATABASE;

// Try the live server first (@ hides the warning), then fall back to the local one
$conn = @mysql_connect($sServerHost, $sServerUser, $sServerPassword);
if (!$conn) {
    $conn = mysql_connect($sLocalHost, $sLocalUser, $sLocalPassword);
}
//$con = mysql_connect("localhost","root"); //On Local Server

// Select the live database, falling back to the local one
$db = mysql_select_db($sServerDatabaseName);
if (!$db) {
    $db = mysql_select_db($sLocalDatabaseName);
}
//----------------------------------------//

// mysql_connect() returns false when both attempts failed
if (!$conn) {
    trigger_error('Unable to connect to database: ' . mysql_error());
}
?>

Then you can include your constant.php file in the user.php file, so you don't have to specify a connection each time:

require_once("includes/constant.php"); 

Unless people have FTP access, they cannot download the file normally. They may know the path and open it in the browser, but they won't see anything, not even through view source  ;D For example, if you have kept the constant.php file like this

http://www.mysite.com/mysitename/includes/constant.php

and you open this file in the browser, a blank page will show up. But you must keep only PHP code in it, no tables or tds.
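
An added example, not code from the thread: one way to keep the credentials file where no URL maps to it at all, and to fail closed if it ever ends up under the document root. The directory layout, the `private/db.php` file name and the `load_db_config` helper are assumptions; it uses PDO because the `mysql_*` functions shown in the posts above were removed in PHP 7.

```php
<?php
// Added example. Assumed layout (not from the thread):
//   /var/www/mysite/private/db.php       credentials, outside the document root
//   /var/www/mysite/public/adduser.php   this script, inside the document root
// db.php holds only PHP and prints nothing:
//   <?php return ['dsn'      => 'mysql:host=localhost;dbname=dbname;charset=utf8mb4',
//                 'user'     => 'john',
//                 'password' => 'placeholder'];

/** Hypothetical helper: load credentials, refusing a file the web server could serve. */
function load_db_config(string $path, string $docRoot): array
{
    $real = realpath($path);       // resolves ../ and symlinks
    $root = realpath($docRoot);
    if ($real === false || $root === false) {
        throw new RuntimeException('Config file or document root not found');
    }
    // Anything under the document root has a URL; credentials should not.
    if (strpos($real, $root . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('Config file is inside the document root');
    }
    $cfg = require $real;
    foreach (['dsn', 'user', 'password'] as $key) {
        if (!is_array($cfg) || !isset($cfg[$key])) {
            throw new RuntimeException("Config is missing '$key'");
        }
    }
    return $cfg;
}

try {
    $cfg = load_db_config(__DIR__ . '/../private/db.php', $_SERVER['DOCUMENT_ROOT']);
    $pdo = new PDO($cfg['dsn'], $cfg['user'], $cfg['password'], [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,   // throw instead of failing silently
    ]);
} catch (Throwable $e) {
    // Details go to the server log; the visitor sees nothing about the database.
    error_log('DB setup failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Internal error');
}
```

With the file outside the document root, the credentials stay unreadable over HTTP even if the server stops executing PHP and starts returning `.php` files as plain text.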

 

 
