Ok I am going to give out my little secret that was passed to me.  Your
worry is warranted in my opinion especially since let's say your isp is in
the middle of an upgrade or something happens to php that breaks it.. Now
your php code is being shown as regular text.. Anybody can see your code.
There are a lot of things that could possibly go wrong.. Maybe an error
happens and it shows where you have the error and it shows your username and
password.. So many things.. So use an external file that is below your
htdocs/www/public_html directory.  I usually use a directory called
phpinc/php_inc/php.  Call it whatever you want :) and then put a file in it
called say.. query.inc

query.inc
<?
  function queryDB ($query) {
    $connect = mysql_pconnect('host', 'username', 'password');
    $result = mysql_db_query('database',$query,$connect);
    if ($result) {
      return $result;
    } else {
      echo "<h1>Error in Query</h1>";
      echo "Query: \"$query\"<br />";
      echo mysql_errno($connect).": <font
color=\"red\">".mysql_error($connect)."</font><br />";
      exit;
    }
  }
?>

Include this file within any file that will be doing database queries. Then
whenever you want to make a call to the database use this syntax:

$result = queryDB("YOUR SQL QUERY HERE");

Plus it will show you where you are getting your mysql errors when you have
them.  It's a great little function.. Thank you John Ash! :)  Gotta give
credit where it's due :)

I hope it helps!

Cheers!

Rick

He who is devoid of the power to forgive is devoid of the power to love. -
Dr. Martin Luther King, Jr.

> From: "Sailom" <[EMAIL PROTECTED]>
> Date: Fri, 19 Jul 2002 11:33:59 +0700
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP] Password in script
> 
> I just checked grant and it said something like...
> GRANT USAGE ON *.* TO 'XXXXX'@'%' IDENTIFIED BY .........
> Does this means user named 'XXXXX' can log in from any server?  This may be
> a silly question.
> 
> 
> "Jonathan Rosenberg" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>> Yes, but if you're on a shared server, other users of the user will likely
>> be able to read your PHP files & get the password.
>> 
>>> -----Original Message-----
>>> From: Tyler Longren [mailto:[EMAIL PROTECTED]]
>>> Sent: Thursday, July 18, 2002 23:10 PM
>>> To: Sailom
>>> Cc: [EMAIL PROTECTED]
>>> Subject: Re: [PHP] Password in script
>>> 
>>> 
>>> It's fine.  There's no other way to do it really.  Somebody would have
>>> to be able to see the source to the php file before they could see the
>>> password for mysql.  They won't get it just by viewing the webpage
>>> that's already been parsed by php.
>>> 
>>> --
>>> Tyler Longren
>>> Captain Jack Communications
>>> [EMAIL PROTECTED]
>>> www.captainjack.com
>>> 
>>> 
>>> 
>>> On Fri, 19 Jul 2002 10:03:02 +0700
>>> "Sailom" <[EMAIL PROTECTED]> wrote:
>>> 
>>>> I am new to PHP and MySQL and never have experience in this area.  I
>>>> am writing a PHP script that connects to MySQL server.  I have to put
>>>> a password of MySQL into the PHP script.  I think it may not be
>>>> secured.  What do you think?  How can I make it more secure?  Thanks.
>>>> 
>>>> 
>>>> 
>>>> --
>>>> PHP General Mailing List (http://www.php.net/)
>>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>> 
>>> --
>>> PHP General Mailing List (http://www.php.net/)
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>> 
>>> 
>> 
> 
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to