Uh oh. I’ve just realized, I think it would be extremely easy to get into my MySQL database. My webserver uses a separate PHP script to connect to the server, which includes the username and password. Correct me if I’m wrong, but couldn’t someone easily require this file in their script and then have full access to my database?
As others have mentioned, when another server includes your file, the server will parse it, so all they will get is the parsed file unless things are not configured correctly.
However, you should not be storing your database login credentials within your web root for this very reason. If, for example, your web root is
then store the file in:
Then in your script, just do
There is no way that someone can even access that file from HTTP because it is outside your web root.
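The layout described in the answer above, as an added example that is not part of the original answer: a loader that reads credentials from a PHP file outside the web root and refuses any path that resolves inside it. The directory names (`public_html`, `private`), the file name `db_config.php`, both function names and the credential values are assumptions, and the demo tree is constructed in a temporary directory.

```php
<?php
// Added example; all paths, names and values here are hypothetical.

/** True when $path resolves to a location inside $webRoot (symlinks resolved). */
function isInsideWebRoot(string $path, string $webRoot): bool
{
    $file = realpath($path);
    $root = realpath($webRoot);
    if ($file === false || $root === false) {
        throw new RuntimeException("Cannot resolve $path or $webRoot");
    }
    // Trailing separator so /var/www/html does not match /var/www/html_private.
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($file, $root, strlen($root)) === 0;
}

/** Load DB settings from a PHP file that returns an array; reject files under the web root. */
function loadDbConfig(string $configFile, string $webRoot): array
{
    if (isInsideWebRoot($configFile, $webRoot)) {
        throw new RuntimeException('Refusing to load credentials from inside the web root');
    }
    $config = require $configFile;
    foreach (['dsn', 'user', 'pass'] as $key) {
        if (!isset($config[$key])) {
            throw new RuntimeException("Missing '$key' in $configFile");
        }
    }
    return $config;
}

// Constructed demo layout: <base>/public_html is the web root, <base>/private is not served.
$base = sys_get_temp_dir() . '/webroot_demo_' . bin2hex(random_bytes(4));
mkdir("$base/public_html", 0700, true);
mkdir("$base/private", 0700, true);
$body = "<?php return ['dsn' => 'mysql:host=localhost;dbname=app', 'user' => 'app', 'pass' => 'placeholder'];";
file_put_contents("$base/private/db_config.php", $body);
file_put_contents("$base/public_html/db_config.php", $body); // the misplaced copy

$config = loadDbConfig("$base/private/db_config.php", "$base/public_html");
echo "Loaded config for user {$config['user']} from outside the web root\n";
// In the real script: $pdo = new PDO($config['dsn'], $config['user'], $config['pass']);

try {
    loadDbConfig("$base/public_html/db_config.php", "$base/public_html");
} catch (RuntimeException $e) {
    echo "Rejected: {$e->getMessage()}\n";
}
```

In a deployed script the second argument would be the server's document root (for example `$_SERVER['DOCUMENT_ROOT']`) rather than a temporary directory.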