Hi Thomas!
On Mon, 09 Jul 2001, Thomas David Kehoe wrote:
> How do I put my password into an external file?
>
> I have dozens of webpages with the line
>
> mysql_connect (localhost, username, password);
>
> What if I have to change my password? Rather then change dozens of scripts,
> I want to put this line into an external file and call it with "include".
>
> The problem is security. If I make the file a class, then the file
> extension must be .inc. Anyone can type in the URL and see the contents of
> the file.
huh? you've learnt something wrong from various places. Who said it must be
inc? It can be even .my-super-dooper-class, but it's safer to just name the
file .php
as for passwords, define() all the parameters you use in a configuration file
and keep it outside webroot
e.g.
/www
+--/htdocs
+--/images (etc.)
^- at this level let's say you have config.php w/
define('DB_PASSWORD','yabadubi')
then, in db.sql you just include() the config.php file.
>
> Changing the permission to "everyone-execute" and "owner-read" doesn't work,
> apparently because a .inc file is read, not executed.
>
> Using the .php file extension (instead of .inc) executes the script when the
> URL is accessed. The user sees nothing, if the file contains no HTML. But
> class only works with the .inc extension. Using "include" without making a
> class treats the file as HTML and it doesn't execute.
nope, include can include even foo.exe as php code, if foo.exe has php code
section i.e. <?php /* code here */?> so your file must least start with an
open tag.
cheers,
-- teodor
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
