Dennis Seavers wrote:
Option 1: Include the mysql_connect and mysql_select_db commands within the script that manipulates the data from the database.

Option 2: Include the mysql_connect and mysql_select_db commands (along with usernames and passwords) outside the Web tree, but have the script run from within the Web tree. The script would use a command like file() or file_get_contents() to get the information from a text file outside the Web tree.


My belief is that Option 2 affords a higher level of security than Option 1, but I wanted to make sure.

You're right. Option 2 offers more security in that no one will ever be able to reach the file directly with a web browser. You don't need to use file() or file_get_contents(), though... A simple include('../includes/db.inc'); will work (where ../ takes you outside of the webroot and into an includes/ directory for the db.inc file). Or use an absolute path include('/home/user/includes/db.inc'); where /home/user/www/ is your webroot (for example).


--
---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
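
An added example, not part of the original thread: the include-from-outside-the-webroot approach from the reply above, extended with a check that the settings file really resolves outside the document root and is not world-readable. The function name `load_db_config`, the temporary directory layout and the credential values are constructed for illustration.

```php
<?php
// Added example; paths, names and credential values are constructed for the demo.
function load_db_config(string $configPath, string $docRoot): array
{
    $real = realpath($configPath);   // resolves ../ and symlinks
    $root = realpath($docRoot);
    if ($real === false || $root === false) {
        throw new RuntimeException('config file or document root not found');
    }
    // Refuse a file that resolves inside the web tree, where the server
    // could hand it to a browser as plain text.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) === 0) {
        throw new RuntimeException('config file is inside the web root');
    }
    // Assumes POSIX permissions: other local users must not be able to read it.
    if ((fileperms($real) & 0004) !== 0) {
        throw new RuntimeException('config file is world-readable');
    }
    $cfg = require $real;            // the file returns an array, sets no globals
    if (!is_array($cfg)) {
        throw new RuntimeException('config file did not return an array');
    }
    foreach (['host', 'user', 'pass', 'name'] as $key) {
        if (!isset($cfg[$key])) {
            throw new RuntimeException("missing setting: $key");
        }
    }
    return $cfg;
}

// Demo layout: <base>/www is the web root, <base>/includes sits beside it.
$base = sys_get_temp_dir() . '/dbdemo_' . bin2hex(random_bytes(4));
mkdir("$base/www", 0755, true);
mkdir("$base/includes", 0750, true);
$file = "$base/includes/db.inc";
file_put_contents($file, "<?php\nreturn ['host' => 'localhost', 'user' => 'demo_user',"
    . " 'pass' => 'demo_pass', 'name' => 'demo_db'];\n");
chmod($file, 0640);

$cfg = load_db_config("$base/www/../includes/db.inc", "$base/www");
echo "loaded settings for database {$cfg['name']}\n";   // pass $cfg to the connect call
// The same file copied into the web tree is rejected.
copy($file, "$base/www/db.inc");
try {
    load_db_config("$base/www/db.inc", "$base/www");
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```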


