Is there a way to hide all database info such as password, username, etc?

前端 未结 2 757
深忆病人
深忆病人 2021-01-16 16:56

I\'m creating several php scripts. Must I always insert the host, username, password, etc. for every script for the same database and table? Is there a way to make referenc

相关标签:
2条回答
  • 2021-01-16 17:21

    While PHP files are executed and thus the source code is not visible from the web, an accidental misconfiguration could change this. You could put the DB configuration in a separate file outside the wbeserver's document root directory and use PHP's require command to include it in the other scripts.

    However, depending on the PHP configuration, files outside the docroot may not be accessible to PHP scripts, but there are ways around this. This SO question discusses these issues in detail

    0 讨论(0)
  • 2021-01-16 17:28

    If you don't want to put the credentials in php files then you can put them the php.ini configuration file.

    mysql.default_host = "localhost"
    mysql.default_user = "user"
    mysql.default_password = "pass"
    

    then in the php source:

    <?php
    
    $connect_db = mysql_connect();
    $err = mysql_error();
    if ($err != "")
    {
            echo "Error connecting to database: $err";
            die;
    }
    
    if (!mysql_select_db("mydomain_com_test", $connect_db))
    {
            echo mysql_error()."<br/>";
            die;
    }
    
    $sql = "SELECT NOW()";
    $rows = mysql_query( $sql );
    
    ?>
    
    0 讨论(0)
提交回复
热议问题