Hi Jon,
the ini file looks like:
hostip&user&password&databasename
after I import it, I split it up, and assign each to a variable name.
I also have it outside the doc root, and it gives a generic error msg for
every error in the system (db related, or not).
Should this do it?
-Dan Joseph
-----Original Message-----
From: Jon Haworth [mailto:[EMAIL PROTECTED]
Sent: Friday, April 04, 2003 2:20 PM
To: Dan Joseph; [EMAIL PROTECTED]
Subject: RE: [PHP] Opinion on a method....
Hi Dan,
> I would like to get some opinions here on a method I'm doing
> to grab connect information for a mysql connection. Currently
> I am doing:
> $pinfo = fopen ("/director1/directory2/filename.ini","r");
Does this filename.ini contain the code to connect to your database? If so,
I usually do two things with this file:
1. put it outside the document root, so users can't browse to it
2. put any code that might output something (an error message, for example)
inside a function, so even if it is run, nothing will happen - you need to
include() it and then call the function yourself.
If it's just connection information, with no code (I'm a bit confused by the
.ini extension :-) then just make sure it's somewhere outside your document
root.
> Is XML a solution?
I don't think XML is inherently any more secure than plain text - it's all
down to how you store and transmit the data.
Cheers
Jon
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
