What Goes in Your Code

Many of the code snippets we have shown for accessing databases have included the database name, username, and user password in plain text, as follows:

$conn = @new mysqli("localhost", "bob", "secret", "somedb");

While this is convenient, it is slightly insecure: anybody who got their hands on our .php file would immediately have access to our database with the full permissions of the user "bob".

It would be better to put the username and password in a file that is not in the document root of the web application and include it in our script, as follows:
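An added example of this layout (not the original post's listing or its author's code): the connection settings live in a file outside the document root, and the loader refuses a file that sits under the document root or is world-readable. The paths, the `load_db_config` helper and the array keys are assumptions made for illustration, and the script is assumed to run under a web server that sets `$_SERVER['DOCUMENT_ROOT']`.

```php
<?php
// Added example, not from the original post. Assumed (hypothetical) layout:
//   /var/www/example/private/db_config.php  <- outside the document root
//   /var/www/example/public_html/index.php  <- this script
// db_config.php holds nothing but the settings:
//   <?php return ['host' => 'localhost', 'user' => 'bob',
//                 'pass' => 'secret', 'name' => 'somedb'];
declare(strict_types=1);

// Hypothetical helper: load the settings and refuse unsafe placements.
function load_db_config(string $configPath, string $docRoot): array
{
    $real = realpath($configPath);
    $root = realpath($docRoot);
    if ($real === false || $root === false) {
        throw new RuntimeException('Config file or document root not found');
    }
    // A file under the document root can be requested over HTTP.
    if (strpos($real, $root . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('Config file is inside the document root');
    }
    // POSIX permission bits: refuse a file every local account can read.
    if ((fileperms($real) & 0004) !== 0) {
        throw new RuntimeException('Config file is world-readable');
    }
    $cfg = require $real;
    foreach (['host', 'user', 'pass', 'name'] as $key) {
        if (!is_array($cfg) || !isset($cfg[$key])) {
            throw new RuntimeException("Config file lacks the '$key' setting");
        }
    }
    return $cfg;
}

// Build the path from this script's location, one level above the web root.
$cfg = load_db_config(dirname(__DIR__) . '/private/db_config.php',
                      $_SERVER['DOCUMENT_ROOT']);

mysqli_report(MYSQLI_REPORT_OFF);   // report failures via connect_errno
$conn = @new mysqli($cfg['host'], $cfg['user'], $cfg['pass'], $cfg['name']);
if ($conn->connect_errno) {
    // Log the detail server-side; never echo credentials or errors to the client.
    error_log('DB connect failed: ' . $conn->connect_error);
    http_response_code(500);
    exit('Database unavailable');
}
```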





We should think about doing the same thing for other sensitive data.

9 comments:

EterniCode said...

Hm...I've always used external info files for storing DB info like that, but I've never thought about putting those files above the document root. Nice. But I do have one small question. I normally include site-wide files with something like:

include("$DOCUMENT_ROOT/path/file.php");

The theory is that if I move the file, the include paths don't change, so I don't have to edit the file every time. How would you include the DB info file if it were stored above the document root? Would you use a path like "$DOCUMENT_ROOT/../file.php"?

Thanks :)
Andrew
http://crosscode.blogspot.com

gaara - kun said...

I think we don't need to add $DOCUMENT_ROOT, because without that $DOCUMENT_ROOT PHP can understand that we put the file above the document root.

Anonymous said...

Great blog. I think you got a great blog!! Thank you for that. I'm definitely going to add you to my favorites; you can get more information from this.

http://www.cyberdesignz.com/

Emma said...

I don't think I will get any better resource than this one to get familiar with the basic code of PHP that connects a server with a database...


Anonymous said...

Well said, friend. You have shared the best points on the importance of the code while accessing the databases with simple techniques.
Cheers!

Stephenwilliams said...

Hey that's really a great post and a wonderful description out here, I really like the way things are being executed and discussed here.


Unknown said...

Excellent tutorial on PHP coding, nice to see you, I bookmark it.


Unknown said...

Wonderful blog post. I noticed this blog further more useful information. Thanks for sharing your useful views.

Unknown said...


Hi, friends
The post is really awesome with lots of information inside. It has knowledgeable post.
Thanks a lot for posting this
