an included database connection file

jigsawjoey

In all my php3 pages, I have a statement:

require("pathtodbfile.php3");

Is there any way I can not allow users to hit this file by typing the address into their browser?

Thanks!

jesus_hairdo

you shouldn't need to, as its a php file the server would parse it, and i'm guessing all this include does is set some variables and maybe establish a connect to a database. so if they tried to get at it, they would only get anything that the script outputted using echo's or prints . so if all the file contains is
$dbuser = username;
$dbpassword = password;
$dbhost = my.db.host;

they would just get a blank screen as there are no output commands in there (this is the reason why using a file with a php extension is better that using a .inc file as a lot of people do).

cheers

Jamie

jigsawjoey

Cool--but if they type in the address, and there's no mysql_close() called in the php3 file, will the database close and how long will it take to timeout?

jesus_hairdo

i think it will timeout, how long depends on server settings. The thing to consider is how often this will actually happen, because i don't think very occassional single connections timing out will have a particularly detrimental effect. If you are worried one thing you could do is to protect the file with a username &/ password. just include the username & password in the include string. then in the include file do a check to see if the username & password is correct, if it is set the connect variables, if not show an error message.