This question is as simple as the title states. It’s probably been asked hundreds of times but I couldn’t find the answer, so sorry.
Basically, I want to get some information from a MySQL database from one of the pages on my website and just want to make sure that it is safe to establish the connection on that page because I obviously don’t want the information about my MySQL database to be compromised.
I know that anyone can view the HTML source of a webpage with the web browser but I wasn’t sure if the same could be done with PHP (variables)…
Thanks in advance
Unless your server is fundamentally broken and serves up the raw PHP code, the only thing end-users ever will see is the OUTPUT of your script. A properly functioning setup will never serve up PHP code.
If you’re worried about the posibility of a leak, then keep sensitive data in a separate file outside of your document root, and
include()it into PHP. It’s no defense against people who have shell access to your server, but it would keep a misconfigured server from leaking that data if the PHP code DOES get served up somehow.