dazz_club
Posted February 21, 2008

Hi guys and girls,

I have used files that contain access to my database like this in my index.php at the top,

<?php require_once("includes/connection.php"); ?>

Inside the connection file it looks like this

<?php
require("constants.php");

// 1. Connect to the database
$connection = mysql_connect("localhost", "root", "xxxx");
if (!$connection) {
    die("Database connection failed; " . mysql_error());
}

// 2. Select the database
$db_select = mysql_select_db("xxx", $connection);
if (!$db_select) {
    die("Database selection failed; " . mysql_error());
}
?>

The constant file contains

<?
//Database constants
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "xxx");
define("DB_NAME", "xx");
?>

Doing this I thought you would be able to see my database name or the password. However, when I viewed my source from a browser out of curiosity, the constants appeared like this.

<?
//Database constants
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "xxx");
define("DB_NAME", "xxx");
?>
<html>
<head>
<title>my site</title>
<link rel="stylesheet" type="text/css" href="stylesheets/style.css" />
</head>
<body>......

I am new to PHP and I think this is a security flaw. To sort this out, would I assign some variables, such as:

<?
//Database constants
define("DB_SERVER", "$variable1");
define("DB_USER", "$variable2");
define("DB_PASS", "$variable3");
define("DB_NAME", "$variable4");
?>

However, I could be wrong; any hints or suggestions are welcome.

Cheers.
uniflare
Posted February 21, 2008

Anything enclosed in <?php ?> tags is hidden from the client's browser unless you echo it out.

Instead of

<?
//Database constants
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "xxx");
define("DB_NAME", "xx");
?>

try

<?php
//Database constants
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "xxx");
define("DB_NAME", "xx");
?>

Note the "<?php" instead of just "<?", as some PHP installations (especially the newer ones) tend to disallow quick open tags such as <?.

Hope this helps,
dazz_club (Author)
Posted February 21, 2008

Hi uniflare,

This worked, couldn't believe I didn't see that, thanks for your help!
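An added example, not part of the thread and not the posters' code: a small PHP audit script that finds files still opening with a bare `<?`, which the server sends out as plain text whenever `short_open_tag` is off, as happened with constants.php above. The function names `findShortOpenTags` and `auditTree`, the `.php`/`.inc` extension filter and the sample string are assumptions made for the illustration.

```php
<?php
// Added example (hypothetical helper names): audit PHP sources for bare "<?" tags.
// With short_open_tag off, such blocks are not parsed and reach the browser as text.

/** Return 1-based line numbers where a bare "<?" short open tag appears. */
function findShortOpenTags(string $source): array
{
    $lines = [];
    // "<?" not followed by "php", "=" (always parsed) or "xml" (an XML declaration).
    if (preg_match_all('/<\?(?!php\b|=|xml\b)/i', $source, $m, PREG_OFFSET_CAPTURE)) {
        foreach ($m[0] as [, $offset]) {
            $lines[] = substr_count(substr($source, 0, $offset), "\n") + 1;
        }
    }
    return $lines;
}

/** Scan every .php/.inc file under $root; return [path => [line numbers]]. */
function auditTree(string $root): array
{
    $findings = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if (!$file->isFile() || !preg_match('/\.(php|inc)$/i', $file->getFilename())) {
            continue;
        }
        $hits = findShortOpenTags((string) file_get_contents($file->getPathname()));
        if ($hits) {
            $findings[$file->getPathname()] = $hits;
        }
    }
    return $findings;
}

// Constructed sample mirroring the thread's constants.php (placeholder values only).
$sample = "<?\n//Database constants\ndefine(\"DB_PASS\", \"xxx\");\n?>\n<?php echo 'ok'; ?>\n";
$root = $argv[1] ?? null;
$findings = $root ? auditTree($root) : ['(constructed sample)' => findShortOpenTags($sample)];

// ini_get() returns the directive as a string; normalise "1"/"On"/"" to a boolean.
$enabled = filter_var(ini_get('short_open_tag'), FILTER_VALIDATE_BOOLEAN);
foreach ($findings as $path => $lines) {
    printf("%s: short open tag on line(s) %s%s\n", $path, implode(', ', $lines),
        $enabled ? '' : ' (emitted as plain text under this configuration)');
}
exit($findings ? 1 : 0);
```

Run it with the same php.ini the web server loads, since the CLI often uses a different configuration; a non-zero exit status makes it usable as a pre-deployment check.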