Hi all 🙂
I've been writing a script to interact with a MySQL database on my site, and I'm wondering how to avoid letting people see my username and password. (I've been using it inside the script to connect to the database.) Is there some other way to connect to the database? Or else, what permissions should I set on the file?
Thanks, ~Noah
If others don't have access to your PHP scripts, it will probably not be a problem ... unless for some reason your server starts dumping raw text instead of parsing PHP, or unless you accidentally remove a <? tag or something. So, what I (and others) have done is written my own database wrapper that is required (or included) at the beginning of each php file. This wrapper is stored in a secured directory. This way, even if the PHP gets dumped, all anyone would see is the location of my wrapper but they wouldn't see the contents.
Good luck, Ben
How do you write such a wrapper?
Take the script you usually use to connect to your database, store it in a secured directory and include it. Very, very simple. Some people like to take it beyond that and create whole routines to handle other elements of db access such as sending the text for a query and getting the resultant array back and so on but it doesn't need to be that expansive.
Cheers, -Ben
Outside your www-dir, you can put the file. For example .connect.php
In the file you wish to make the database connection, you do this (and let's say the file is www/index.php):
require("../.connect.php")
