where to store db config info

vermaha

What's the best place to store all the $user, $password, $dbname data used to connect to a database? I guess a PHP script in /httproot/config/dbsettings.php is not safe?

$GLOBALS["dbserver"] = "mysql.server.com";
$GLOBALS["dbname"] = "thedbname";
$GLOBALS["dblogin"] = "dbusername";
$GLOBALS["dbpassword"] = "letmein";

The account provider does NOT allow me to create any dirs outside the httproot. There must be a better way and safer location to do something like this??

Thanks

seby

i would just do

$dbhost = "mysql.server.com";
$dbname = "thedbname";
$dbuser = "dbusername";
$dbpass = "letmein";

its safe, since it will come up blank even if someone called the file, just as long as there isn't any output in the file.

seby

also you can define them.. which is usually how i like to do it. which is secure, again, as long as there is no output in the file.

define('DB_HOST', 'hostname');
define('DB_USER', 'username');
define('DB_PASS', 'password');
define('DB_NAME', 'database');


mysql_connect(DB_HOST, DB_USER, DB_PASS);
mysql_select_db(DB_NAME);