Jump to content

php security

dazz_club

By dazz_club
in PHP Coding Help

 Share

Recommended Posts

dazz_club Member

dazz_club

Posted
Posted

Hi guys and girls,

 

I have used files that contain access to my database like this in my index.php at the top,

 

<?php require_once("includes/connection.php"); ?>

 

inside the connection file it looks like this

<?php
require("constants.php");
//connection the database
$connection = mysql_connect("localhost", "root", "xxxx");
if (!$connection){
	die("Database connection failed; " . mysql_error());
}
//2 select the database
$db_select = mysql_select_db("xxx", $connection);
if(!$db_select){
	die("Database selection failed; ". mysql_error());
}
?>

 

the constant file contains

<?
//Database constants
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "xxx");
define("DB_NAME", "xx");
?>

 

Doing this i thought you would be able to see my database name or the password. However when i viewed my source from a browser out of curiosity , the constants appeared like this.

<?
//Database constants
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "xxx");
define("DB_NAME", "xxx");
?>	
<html>
<head>
	<title>my site</title>
<link rel="stylesheet" type="text/css" href="stylesheets/style.css" />		
</head>
<body>......

 

Am i knew to php and i think this is a security flaw. To sort this out would i assign some variables, such as.

<?
//Database constants
define("DB_SERVER", "$variable1");
define("DB_USER", "$variable2");
define("DB_PASS", "$variable3");
define("DB_NAME", "$variable4");
?>

How ever i could be wrong, any hints or suggestions are welcome cheers.

 

Link to comment
Share on other sites
uniflare Newbie

uniflare

Posted
Posted

anything enclosed in <?php ?> tags is hidden from the clients browser unless you echo it out.

 

instead of

 

<?
//Database constants
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "xxx");
define("DB_NAME", "xx");
?>

 

 

try

 

<?php
//Database constants
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "xxx");
define("DB_NAME", "xx");
?>

note the "<?php" instead of just "<?" as some php installations (especially the newer ones) tend to disallow quick open tags such as <?.

 

 

hope this helps,

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.