best practise for connecting to mysql

Anon

03/11/2000

Hi, i am php/mysql beginner and was wondering what is the best/secure method of connecting to a mysql db. I have come accross some sites, which have the connection variables on the page itself, while others have it on some .inc file, which they call be include or require function. Can anyone suggest/recomend the most secure.

Thanks

Anon

I prefer using phplib which stores the connection info in a local.inc file as properties of a sql object which is used to do queries.

You should generally have insert, delete, update, and select privliges only for the user used to connect to mysql through the internet.

Anon

The best/most secure way to do this is to use an include file and place it outside of your web root. If you have the following directories and files...

/home/www/
/home/www/index.php
/home/includes/
/home/includes/database.inc

use include("../includes/database.inc") in index.php to include your database information. This is secure because it's outside of your web root, so no one can access it. You also keep all of your database information centralized and only include the file when you need it.

---John Holmes...