RE: [PHP] Security/Web tree/db connect and select

2004-06-01 Thread Chris W. Parker
John W. Holmes on Tuesday, June 01, 2004 8:29 AM said:
> We'll call that Option 3, which is a viable option if you cannot do
> Option 2 (store outside of webroot). The problem with this method is
> that if PHP ever fails for any reason, the file may be delivered as

Re: [PHP] Security/Web tree/db connect and select

2004-06-01 Thread John W. Holmes
From: "Chris W. Parker" <[EMAIL PROTECTED]>
> > You're right. Option 2 offers more security in that no one will ever
> > be able to reach the file directly with a web browser. You don't need
> > to use file() or file_get_contents(), though... A simple
> > include('../includes/db.inc'); will work (wh

RE: [PHP] Security/Web tree/db connect and select

2004-06-01 Thread Chris W. Parker
Chris W. Parker on Tuesday, June 01, 2004 8:12 AM said:
> how about just calling 'db.php' so that when someone does request it
> via a web browser it will be parsed and end up not sending any data
> to the client?

that should read, "just calling *it* 'db.php'", regarding the name of the fi

RE: [PHP] Security/Web tree/db connect and select

2004-06-01 Thread Chris W. Parker
John W. Holmes on Friday, May 28, 2004 11:25 PM said:
> You're right. Option 2 offers more security in that no one will ever
> be able to reach the file directly with a web browser. You don't need
> to use file() or file_get_contents(), though... A simple
> include('

Re: [PHP] Security/Web tree/db connect and select

2004-05-28 Thread John W. Holmes
Dennis Seavers wrote:

Option 1: Include the mysql_connect and mysql_select_db commands within the script that manipulates the data from the database.

Option 2: Include the mysql_connect and mysql_select_db commands (along with usernames and passwords) outside the Web tree, but have the script

[PHP] Security/Web tree/db connect and select

2004-05-28 Thread Dennis Seavers
I have a question about comparing the security risks for two methods of connecting to a database with PHP. The DBMS is MySQL.

Option 1: Include the mysql_connect and mysql_select_db commands within the script that manipulates the data from the database.

Option 2: Include the mysql_connect and