Hi Thomas!
On Mon, 09 Jul 2001, Thomas David Kehoe wrote:

> How do I put my password into an external file?
> I have dozens of webpages with the line
>     mysql_connect (localhost, username, password);
> What if I have to change my password?  Rather then change dozens of scripts,
> I want to put this line into an external file and call it with "include".
> The problem is security.  If I make the file a class, then the file
> extension must be .inc.  Anyone can type in the URL and see the contents of
> the file.
huh? you've learnt something wrong from various places. Who said it must be
inc? It can be even .my-super-dooper-class, but it's safer to just name the
file .php

as for passwords, define() all the parameters you use in a configuration file
and keep it outside webroot

  +--/images (etc.)
^- at this level let's say you have config.php w/

then, in db.sql you just include() the config.php file.  

> Changing the permission to "everyone-execute" and "owner-read" doesn't work,
> apparently because a .inc file is read, not executed.
> Using the .php file extension (instead of .inc) executes the script when the
> URL is accessed.  The user sees nothing, if the file contains no HTML.  But
> class only works with the .inc extension.  Using "include" without making a
> class treats the file as HTML and it doesn't execute.
nope, include can include even foo.exe as php code, if foo.exe has php code
section i.e. <?php /* code here */?> so your file must least start with an
open tag.


-- teodor

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to