Hello Stuart,
on 19.04.2001 you wrote:

> Hi people,

> I'm setting up a database to collect email addresses on my web site, but I
> want to avoid using the insecure connection method:

> mysql_connect("host", "user", "pass")

> as this obviously displays my username and password to anyone who wants it.

Does it ? I don't quite understand what the problem is, users fetching
the page with their browsers won't get to php code, but the output,
which certainly won't contain your username or password. Of course you
should ensure that the file itself should not be accessible by ways
other than HTTP (e.g. no (anonymous) user should be able to fetch the
file by FTP for example). If you're really paranoid, put the
username/password outside your htroot into a separate file, say
passwords.inc and include it into php with
include('/secure/passwords.inc'), but this isn't really needed, and
BTW, it won't make the connection method more secure, or insecure.

HTH
Vic



-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to