Home/ Questions/Q 8126167
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-06T07:03:55+00:00

Ok , so many people are asking this question, and there are many approaches

  • 0

Ok , so many people are asking this question, and there are many approaches on how to make the connection to DB secure,

Now I did some googling , many suggest, putting the connection to DB code in a file outside the html_public , and to call it from there when I need to make a connection.

to be honest, am happy with what I have, though I’m not sure how secure it is,

this is how I connect to the DB:

first, I make sure all inputs are fully escaped and validated…

after , in the same page , i make the connection, for example:

mysql_connect("localhost","Admin","Password") or 
die ("DB Connection Error");
mysql_select_db("Users") or die ("DB Error");

and the rest of the code after, I close the mysql connection.

Now , It just don’t feel right that the DB user info are written in the page, but how can someone (a “hacker”) , get this info?

I mean , all inputs are fully escaped and validated, the users I use have very limited previleges, like select and update… only.

Is this secure?? and if not, can u please suggest a more secure way?

Thank you very much for ur help in advance 🙂

shady

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The reason you should consider putting this file outside the web root is that some hosting providers have temporarily stopped interpreting PHP from time to time (due to configuration faults, often after an update on their part). The code will then get sent in clear text and the password will be out in the wild.

    Consider this directory structure, where public_html is the web root:

    /include1.php
/public_html/index.php
/public_html/includes/include0.php

    Now consider this index.php:

    <?php
include('includes/include0.php');
do_db_work_and_serve_page_to_visitor();
?>

    If the web server starts serving this file in the open, it won’t take long before someone tries to download include0.php. Nobody will be able to download include1.php, however, because it’s outside the web root and therefore never handled by the web server.

    • 0