I’m slowly learning PHP, MySQL, along with some HTML, using localhost as my webserver. However, I’m starting to wonder how my .php files are going to be secured if I put this actually on the Internet.
I have a webpage at localhost/app.php that includes a form, some PHP code, and some MySQL queries. The MySQL credential information is located one directory above where app.php is located, but how do I prevent from strangers accessing the contents of app.php, including MySQL data structure, commands I’m using, etc. When you view the source code in a browser, you only see the HTML part of it, but couldn’t someone download app.php and look into the actual file if he wanted to?
What’s the proper way of constructing the file structure? Links or comments are greatly appreciated! TIA!
Well, if you’re using the .php extension, then Apache will serve up the parsed version — echo and print will output but your variables won’t.
If you’re still concerned there’s a few ways of making your files more secure.
/home/user/my_files/, you might aliasmy_filesto bewww.my-domain.com/files. The script would not be accessible there to the requests, but it would be accessible to something on the server.define( 'IN_APPLICATION', 1 );in your config files haveif( !defined( 'IN_APPLICATION' ) ) die( 'No direct script access allowed' );