Solved

Securing/best practices for config.php file

Posted on 2007-11-16
5
463 Views
Last Modified: 2013-12-13
I am wondering if anyone has some good practices that are secure for using a config.php file to connect to a SQL database.

$l = mysql_connect ( "p50mysql31.secureserver.net" , "xxxx" , "xxxx" ) or die("Error connecting: <br><br>".mysql_error());
mysql_select_db( "xxxx" ) or die("Error getting db: <br><br>".mysql_error());

Any thoughts?

Thanks,

RYan
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 1

Expert Comment

by:Zibings
ID: 20299702
Could you explain what you mean by 'secure practices' for using a configuration file?  One general comment I can make though would be that you should consider not using the default error messages provided by the MySQL library as it can reveal your database username unintentionally.
0
 
LVL 1

Author Comment

by:catonthecouchproductions
ID: 20299740
Ohh..I didnt know that. I am unsure of ways to make it secure, what do you suggest?
0
 
LVL 21

Accepted Solution

by:
nizsmo earned 500 total points
ID: 20301879
What are you referring to when you say more "secure"?

$l = mysql_connect ( "p50mysql31.secureserver.net" , "xxxx" , "xxxx" ) or die("Error connecting: <br><br>".mysql_error());
mysql_select_db( "xxxx" ) or die("Error getting db: <br><br>".mysql_error());

this code will work everytime, but once you have a lot of visitors, as Zibings said, will reveal information which you probably don't want your visitors to know about your database.

So something like this would be robust and you can have your custom error.php page:


<?php
	$l = mysql_connect ( "p50mysql31.secureserver.net" , "xxxx" , "xxxx" );
	
	if(!$l)
	{
		// Where error.php is your generic error page maybe stating that something was wrong with the script.
		header("Location: error.php");
		exit();
	}
		
	$db = mysql_select_db( "xxxx" );
	
	if(!$l)
	{
		// Where error.php is your generic error page maybe stating that something was wrong with the script.
		header("Location: error.php");
		exit();
	}
?>

Open in new window

0
 
LVL 1

Author Comment

by:catonthecouchproductions
ID: 20301942
Nice, thank you for that! Let me work in that code.
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20301949
remember to have the error.php in the same directory, otherwise the file will return a 404 :)
0

Featured Post

Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question