Here’s how I connect to my database:
- create a “access.php” file that has the username and password of the database inside it.
- create a “main.php” file in which I include access.php and then create MySQL connection and the rest.
How secure is this way of coding?
I’m just a bit scared that if someone could somehow donwload the access.php and get to know my user and pass.
Any suggestions?
I have a .php file called “Connect” which is the database connection file.
Then I have a file I call “config.php” which contain the username, pass etc.
Then once the database connection has been initiated or whatever it is called (sorry I am not English), then you would “unset” the variables which contain the login info, eg:
unset($config[‘mysql_pass’]);
However you shouldn’t be scared of people being able to download your access.php file, as it is executed server-side, and the content are not visible to any front-end users.
You could also put your access.php file in a folder just before your public_html folder, this way, it cannot be accessed for outside the server.
Hope it helps 🙂