On thing you can also try (which is nowhere near the security of outside the docroot) is to put ocnfig data (user, pass, etc...) inside it's own php file that is included in outfiles. For example (assuming that php parser doesn't fail):
------ configstuff.php ---------- <?php $user = "myname"; $pass = "mypass"; $db = "mydb"; ?> ------ end ----------------------
- Edwin - wrote:
Hello,
"Doug Essinger-Hileman" <[EMAIL PROTECTED]> wrote:
On 25 Jun 2003 at 16:42, Dan Joseph wrote:
I am just beginning to use php and mysql together (I'm new to both). I am having trouble getting this to work in what I think is a veryStore that file outside the docroot. That way there is no chance they can get it from the web site. I myself use an ini file that is no where near the docroot, and use parse_ini_file() to load the DB information in, and then I connect to it. This method passed our security audit with flying colors.
A sample of what my ini file resembles is:
[mysql_info] host = 192.168.1.1 uid = username pwd = password dbn = database
They end up in a $INI array, and the fields are $INI['host'],
$INI['uid'],
etc.. You can read more about that function @ www.php.net.
simple test.
I have created mysql.ini, and put it outside the docroot: /myhome/mysql.ini. This file, in its entirety, is:
[mysql_info}
I think you meant [mysql_info]? (Check the closing bracket.)
host=spore.org uid=myuserid passwd=mypassword
Then I created a webpage with nothing more than the following:
<?php parse_ini_file("/home/revref/mysql.ini");
echo $INI;
?>
There's a good example in the manual:
http://www.php.net/manual/en/function.parse-ini-file.php
Notice that you need to do something like this: (based on your example)
<?php
$INI = parse_ini_file("/home/revref/mysql.ini"); print_r($INI);
?>
- E -
PS Please check the difference between print_r() and echo() as well...
...[snip]...
__________________________________________________ Do You Yahoo!? Yahoo! BB is Broadband by Yahoo! http://bb.yahoo.co.jp/
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
