Any PHP gurus out there? - Democratic Underground

Catch22Dem

(1000+ posts) Send PM | Profile | Ignore

Sat Jan-31-04 09:13 AM
Original message

Any PHP gurus out there?

I have a couple of questions, so I'm curious if DU has any gurus. I work as a programmer but I have no experience with PHP.

Lets say I want to make a database connection. I notice I have to include the db name, db pass, etc... on the page where I want to query my database. What level of security exists for the page that now contains my database password?

What if all my pages talk to the same database, thus using the same connection properties. Is there some way I can set an application-wide var, or a global var for these connection properties? Or should I make a page that has the connection info and use it as an "include" on any page where I need database connectivity.

Please don't be afraid to get technical w/ me. I'm a professional. LOL ;)

Printer Friendly | Permalink | | Top

Philosophy

(1000+ posts) Send PM | Profile | Ignore

Sat Jan-31-04 10:24 AM
Response to Original message

1. The php code is server side

1. There is no way for the client browser to see your password - the server processes the code and outputs only html, not any code.

2. I like to hard code my database connection info in an include file in a function that just takes a SQL string and returns the results.

Printer Friendly | Permalink | | Top

Catch22Dem

(1000+ posts) Send PM | Profile | Ignore

Sat Jan-31-04 10:50 AM
Response to Reply #1

2. #2 sounds good...that's my plan

#1 works too. I know it's srv-side code, but we do have people who can access the directories where the code is stored. I wasn't worried about anyone getting to it via their browsers, rather other employees who have access to the directory and can view the code. Anyway, it's all good.

Thanks!

Printer Friendly | Permalink | | Top

ming

(48 posts) Send PM | Profile | Ignore

Sat Jan-31-04 11:03 AM
Response to Original message

3. Put config files outside your webroot

For instance, if your web pages reside at /var/www/html then put your config info in /var/www and include it. It's too easy for something to go wrong that may or may not be outside your control. At least this way, if something happens then at least your config info isn't sitting in a world readable directory. This is the same reason why you have a separate cgi-bin directory outside of your web root. As a basic rules of thumb, never put anything you don't want seen in a web accessible directory.

You may wish to peruse this site: http://www.phpadvisory.com

Printer Friendly | Permalink | | Top

Catch22Dem

(1000+ posts) Send PM | Profile | Ignore

Sat Jan-31-04 11:07 AM
Response to Reply #3

4. roger, sounds good

and thanks for the link. My boss is wanting me to investigate PHP. :shrug: Whatever, as long as he pays me ;)

Printer Friendly | Permalink | | Top

DU AdBot (1000+ posts)

Mon Apr 29th 2024, 09:11 PM
Response to Original message

Advertisements [?]

Top

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.