asmith Posted November 19, 2007 Share Posted November 19, 2007 i have add a line in mysql for a user like : GRANT ALL On *.* to john@localhost IDENTIFIED BY "smith"; and in the "add user" page , i have $connection = mysql_connect ("localhost","john","smith"); $sql= INSERT INTO table_name (username, password) values (....bla bla mysql_query ($sql,$connection); i wanted to know when i upload such file to my web site, is there anyway for someone who could download these php codes ? i mean in this file i have certainly said that there is a john with a password smith user for my mysql , so can anyone download my php code to find out this ? Quote Link to comment Share on other sites More sharing options...
~n[EO]n~ Posted November 19, 2007 Share Posted November 19, 2007 The best way I think is to define your connection in constant.php file and store it in separate folder not on the local directory and include that file in your adduser.php page constant.php will have <?php define ('SERVERHOST','localhost' ); define ('SERVERUSER','serveruser' ); define ('SERVERPASSWORD','yourpassword' ); define ('SERVERDATABASE','dbname' ); define ('LOCALRHOST','localhost' ); define ('LOCALUSER','root' ); define ('LOCALPASSWORD','' ); define ('LOCALDATABASE','localdb' ); // and use the connection like this $sLocalHost=LOCALRHOST; $sServerHost=SERVERHOST; $sLocalUser = LOCALUSER; $sLocalPassword = LOCALPASSWORD; $sServerUser = SERVERUSER; $sServerPassword = SERVERPASSWORD; $sServerDatabaseName = SERVERDATABASE; $sLocalDatabaseName = LOCALDATABASE; $conn = @mysql_connect($sServerHost,$sServerUser,$sServerPassword); if(!$conn) { $conn = mysql_connect($sLocalHost,$sLocalUser,$sLocalPassword); } //$con= mysql_connect("localhost","root"); //On Local Server $db=mysql_select_db($sServerDatabaseName); if(!$db){ $db=mysql_select_db($sLocalDatabaseName); } //----------------------------------------// if($conn=="") { trigger_error('Unable to connect to database: ' . mysql_error()); } ?> Then you can include your constat.php file in user.php file so you don't have to specify a connection each time require_once("includes/constant.php"); Quote Link to comment Share on other sites More sharing options...
asmith Posted November 19, 2007 Author Share Posted November 19, 2007 so this constant.php can't be downloaded ? Quote Link to comment Share on other sites More sharing options...
~n[EO]n~ Posted November 19, 2007 Share Posted November 19, 2007 Until peoples have FTP access they cannot download the file normally. They may know the path and see in the browser but they won't see anything not even through view source for e.g if you have kept the constant.php file like this http://www.mysite.com/mysitename/includes/constant.php and if you see this file in the browser blank page will show up. But you must only keep php codes no table or tds. Quote Link to comment Share on other sites More sharing options...
asmith Posted November 19, 2007 Author Share Posted November 19, 2007 haa !!! thank you so much ! sorry i'm so noob at this, what is FTP access? you meant except localy access? Quote Link to comment Share on other sites More sharing options...
~n[EO]n~ Posted November 19, 2007 Share Posted November 19, 2007 what is FTP access? you meant except localy access? The process by which files are transferred to the web server is called FTP (File Transfer Protocol). Quote Link to comment Share on other sites More sharing options...
asmith Posted November 19, 2007 Author Share Posted November 19, 2007 thanks a bunch ! this question solved completely ! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.