On Mon, 30 Jun 2003 13:50:21 -0600, Peter Janett wrote:
>My concern is that a shell emulating PHP or
>Perl script run as Apache can read or copy ANY PHP script used with PHP as
>an Apache module.
It seems to me like the safest way to handle this would be to create a
function that opens the database (with the user_id and password hard
coded) and returns a handle to the open db. Then put this function
into a "include" directory outside the document root (you might have to
disable fopen_with_path).
function openDB() {
$MYSQL_Server = "localhost";
$MYSQL_DB = "db";
$MYSQL_User = "user";
$MYSQL_Password = "password";
// Connect to database
$dbID = mysql_connect($MYSQL_Server, $MYSQL_User, $MYSQL_Password)
or die("Could not connect");
mysql_select_db( $MYSQL_DB )
or die("Could not select database");
return( $dbID );
}
Then call openDB() from your module....
<?PHP
include "hidden.php";
$dbHandle = openDB();
// whatever you want to do with the db here
?>
Comments??
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
