Some basic php/mysql questions...

wellbeing

Hi,

I made my first php page yesterday and a few things came up:

To access the database, I stored the localhost, user name and pw data in a config.php file. Isn't it a security issue to leave this lying on the server? If so, what should I do?

Also, when I put text into a table (using phpMyAdmin, I think) the resulting page displays that text with lots of <br/> tags, and all these big gaps appear. Eventually I just 'compressed' the text before cutting and pasting, but is there a more straightforward way of doing this?

Thanks in advance.

Pig

the config file is fine as long as it is not able to be sent to from the server as a text file. Make sure it is .php or .inc if you have configured apache to allow that. Also, chmod all your files (not just this one) appropriately. Never do 777. If your config file is only going to be accessed by other scripts, then make sure you chmod it accordingly

Also, be careful if you are on a shared server. Depending on how apache is configured, users with know-how can access your files.

Storing info in a database really depends on your design scheme. One popular method is too store just text in your file without any html tags such as br. Then use nl2br() to display it. Just make sure you don't combine the two. You can also use strip_tags() to get rid of any stray <tags> before running it through nl2br().

wellbeing

Thanks.