Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 467
  • Last Modified:

Securing/best practices for config.php file

I am wondering if anyone has some good practices that are secure for using a config.php file to connect to a SQL database.

$l = mysql_connect ( "p50mysql31.secureserver.net" , "xxxx" , "xxxx" ) or die("Error connecting: <br><br>".mysql_error());
mysql_select_db( "xxxx" ) or die("Error getting db: <br><br>".mysql_error());

Any thoughts?

Thanks,

RYan
0
catonthecouchproductions
Asked:
catonthecouchproductions
  • 2
  • 2
1 Solution
 
ZibingsCommented:
Could you explain what you mean by 'secure practices' for using a configuration file?  One general comment I can make though would be that you should consider not using the default error messages provided by the MySQL library as it can reveal your database username unintentionally.
0
 
catonthecouchproductionsAuthor Commented:
Ohh..I didnt know that. I am unsure of ways to make it secure, what do you suggest?
0
 
nizsmoDeveloperCommented:
What are you referring to when you say more "secure"?

$l = mysql_connect ( "p50mysql31.secureserver.net" , "xxxx" , "xxxx" ) or die("Error connecting: <br><br>".mysql_error());
mysql_select_db( "xxxx" ) or die("Error getting db: <br><br>".mysql_error());

this code will work everytime, but once you have a lot of visitors, as Zibings said, will reveal information which you probably don't want your visitors to know about your database.

So something like this would be robust and you can have your custom error.php page:


<?php
	$l = mysql_connect ( "p50mysql31.secureserver.net" , "xxxx" , "xxxx" );
	
	if(!$l)
	{
		// Where error.php is your generic error page maybe stating that something was wrong with the script.
		header("Location: error.php");
		exit();
	}
		
	$db = mysql_select_db( "xxxx" );
	
	if(!$l)
	{
		// Where error.php is your generic error page maybe stating that something was wrong with the script.
		header("Location: error.php");
		exit();
	}
?>

Open in new window

0
 
catonthecouchproductionsAuthor Commented:
Nice, thank you for that! Let me work in that code.
0
 
nizsmoDeveloperCommented:
remember to have the error.php in the same directory, otherwise the file will return a 404 :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now