Authentication security in PHP script

solascreative

I'm brand new to using PHP and my SQL. In one tutorial I did, I managed to connect to the database on my server (which is hosted commercially).

I've been searching around and haven't been able to find an answer to the following... perhaps someone can help?

The PHP page I wrote required that I include my admin name and password in order to access my database. Since my admin name and password were written in plain text in the script, anyone could look at the source code and get my information.

I've seen suggestions that said to place a separate PHP script with my authentication info in a separate .php file and call that file from my header.

The questions are

How would this header be written?
Where should I place the file so that it can be referenced in the script, but not viewable by someone else?

Any help at all would be greatly appreciated.

Thanks,
Michael

sarahk

Talk to your host about protecting files. You can have an include path which is never referenced by path so when you say include("me.php"); it knows to look there but hackers might not even know the directory exists.

There's no big secret to creating them. They are just variables created from a central point.

solascreative

Thanks a lot for the tip. I suspected I'd have to get my ISP involved, but wasn't sure. 🙂

-Mike