Firstly if its that important use a database and encrypt the data to make it harder to crack.
If you cannot use a database have the txt file outside the document_root
[Resolved] rwxrwxrwx ... 777 ... what security is there?
CHMOD 777 means ANYONE can read, write and execute that particular file.
So if I typed in the URL directly to the text file than I could read it, because the permissions state that I have authorization to do so.
A quick google search turned this up. I think it may clear some file structure security questions.
i cant use mysql databases because I have no idea how to, or where to look to find out how. I have phpmyadmin, but i could never figure out how to make an actual database with a table and then use it.
Can someone point me in the right direction?
PS. Thanks for the link i'll check them out.
This website should get you started as well as this forum. http://dev.mysql.com might help to 
777 is disabled on a lot of servers now by the Network Admins. If you use 755, it should work just as good as 777 for what is needed.
Maybe in a networked environment where they are not hosting websites. But 777 is required when writing/creating files on the server using PHP.
I do mean to undermine your knowledge on the subject, but I am very correct. If he was to contact his host (If he's a hosted account) that will be the answer he gets.
Originally posted by planetsim
This website should get you started as well as this forum. http://dev.mysql.com might help to
Everywhere I go, they say I need a "client program" but I don't have one. None of them say where to get them either.
I bought a domain a month ago, and it has cpanel X. One of the pages in it is to create databases and accounts. I can create a database, and a user for that database, but that's all I can do. I guess my question is how I can manipulate them with PHP...
edit: I found some code on the internet:
create table sample_table (
serial int(3) not null auto_increment,
name varchar(16) not null,
age int(2) not null,
primary key(serial) ) ;
insert into sample_table (name,age) values ('Nahla',25);
insert into sample_table (name,age) values ('Ahmed',19);
insert into sample_table (name,age) values ('Rasha',27);
insert into sample_table (name,age) values ('Mohamed',30);
insert into sample_table (name,age) values ('Yasser',25);
and I know it has something to do with creating tables. But when I try to insert it into my PHP tag, it doesn't work. Where am I supposed to use this type of code?
Um.. Cpanel allows you to manage those databases. One the same page you can create them, scroll down.. it should be there. If not get a new host. O-O
Originally posted by AndrewWest
I do mean to undermine your knowledge on the subject, but I am very correct. If he was to contact his host (If he's a hosted account) that will be the answer he gets.
Ok then if thats the case how do you write files/upload files etc. Those permissions are required for that, that and also ive used 777 on my hosts and none have disabled this
I don't know about your hosts, but we'll let him contact his host and find out. I'll bet ya my coding liscence (right lol) that it's the reason. If you CHMOD to 777 you get a 500 error.
If you would liek I'll create you a FTP account on my server and you can test it yourself.
Originally posted by planetsim
Firstly if its that important use a database and encrypt the data to make it harder to crack.
If you cannot use a database have the txt file outside the document_root
Sorry to continue this thread after it has been resolved, but something just occurred to me. There's a function somewhere that I've used before, like read() or file_get_contents() where you enter the url of a page.
If my php page has me defining the username and password, can't they find them out by using that function on my page's url?
How can I protect against this?
Originally posted by Verd
Sorry to continue this thread after it has been resolved, but something just occurred to me. There's a function somewhere that I've used before, like read() or file_get_contents() where you enter the url of a page.
If my php page has me defining the username and password, can't they find them out by using that function on my page's url?
How can I protect against this?
You shouldn't need to. Learn the difference between file paths and URLs - if they tried to fread() a URL, all they'd get is whatever they'd get if they requested the URL from your web server any other way.