dazz_club
Posted February 21, 2008

Hi guys and girls,

I have used files that contain access to my database like this in my index.php at the top,

<?php require_once("includes/connection.php"); ?>

inside the connection file it looks like this

<?php
require("constants.php");
//connection the database
$connection = mysql_connect("localhost", "root", "xxxx");
if (!$connection){
    die("Database connection failed; " . mysql_error());
}
//2 select the database
$db_select = mysql_select_db("xxx", $connection);
if(!$db_select){
    die("Database selection failed; ". mysql_error());
}
?>

the constant file contains

<?
//Database constants
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "xxx");
define("DB_NAME", "xx");
?>

Doing this I thought you would be able to see my database name or the password. However, when I viewed my source from a browser out of curiosity, the constants appeared like this.

<?
//Database constants
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "xxx");
define("DB_NAME", "xxx");
?>
<html>
<head>
<title>my site</title>
<link rel="stylesheet" type="text/css" href="stylesheets/style.css" />
</head>
<body>......

I am new to PHP and I think this is a security flaw. To sort this out would I assign some variables, such as:

<?
//Database constants
define("DB_SERVER", "$variable1");
define("DB_USER", "$variable2");
define("DB_PASS", "$variable3");
define("DB_NAME", "$variable4");
?>

However I could be wrong, any hints or suggestions are welcome. Cheers.

uniflare
Posted February 21, 2008

Anything enclosed in <?php ?> tags is hidden from the client's browser unless you echo it out.

instead of

<?
//Database constants
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "xxx");
define("DB_NAME", "xx");
?>

try

<?php
//Database constants
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "xxx");
define("DB_NAME", "xx");
?>

Note the "<?php" instead of just "<?", as some PHP installations (especially the newer ones) tend to disallow quick open tags such as <?.

Hope this helps,

dazz_club
Posted February 21, 2008

Hi uniflare,

This worked, couldn't believe I didn't see that, thanks for your help!
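
As an added example (not code from the thread or its posters): a small PHP command-line script that reports files still using the short open tag, the condition that caused the constants file above to reach the browser as text. The function names, the .php/.inc extension filter and the sample string are assumptions made for illustration.

```php
<?php
// Added example, not from the thread: find short open tags in a source tree.

/**
 * Return 1-based line numbers in $source holding a short open tag.
 * "<?php" and "<?=" are always parsed; "<?xml" is markup, not PHP.
 * Line-based heuristic: a match inside a string literal is also reported.
 */
function findShortOpenTags(string $source): array
{
    $hits = [];
    foreach (preg_split('/\R/', $source) as $i => $line) {
        if (preg_match('/<\?(?!php\b|=|xml\b)/i', $line)) {
            $hits[] = $i + 1;
        }
    }
    return $hits;
}

/** Scan .php/.inc files under $root (assumed layout); returns [path => lines]. */
function scanTree(string $root): array
{
    $report = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if (!$file->isFile() || !preg_match('/\.(php|inc)$/i', $file->getFilename())) {
            continue;
        }
        $hits = findShortOpenTags((string) file_get_contents($file->getPathname()));
        if ($hits) {
            $report[$file->getPathname()] = $hits;
        }
    }
    return $report;
}

// Constructed sample shaped like the thread's constants file; the tag is
// split in two so this script does not flag itself.
$sample = '<' . "?\ndefine(\"DB_PASS\", \"xxx\");\n?" . '>';
echo 'sample: flagged line(s) ', implode(', ', findShortOpenTags($sample)), "\n";

// With short_open_tag off, every flagged file is sent to the browser as text.
$on = filter_var(ini_get('short_open_tag'), FILTER_VALIDATE_BOOLEAN);
echo 'short_open_tag is ', $on ? 'on' : 'off: flagged files are served as text', "\n";

foreach (scanTree($argv[1] ?? __DIR__) as $path => $lines) {
    echo $path, ': short open tag on line(s) ', implode(', ', $lines), "\n";
}
```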