• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 466
  • Last Modified:

Securing/best practices for config.php file

I am wondering if anyone has some good practices that are secure for using a config.php file to connect to a SQL database.

$l = mysql_connect ( "p50mysql31.secureserver.net" , "xxxx" , "xxxx" ) or die("Error connecting: <br><br>".mysql_error());
mysql_select_db( "xxxx" ) or die("Error getting db: <br><br>".mysql_error());

Any thoughts?

Thanks,

RYan
0
catonthecouchproductions
Asked:
catonthecouchproductions
  • 2
  • 2
1 Solution
 
ZibingsCommented:
Could you explain what you mean by 'secure practices' for using a configuration file?  One general comment I can make though would be that you should consider not using the default error messages provided by the MySQL library as it can reveal your database username unintentionally.
0
 
catonthecouchproductionsAuthor Commented:
Ohh..I didnt know that. I am unsure of ways to make it secure, what do you suggest?
0
 
nizsmoDeveloperCommented:
What are you referring to when you say more "secure"?

$l = mysql_connect ( "p50mysql31.secureserver.net" , "xxxx" , "xxxx" ) or die("Error connecting: <br><br>".mysql_error());
mysql_select_db( "xxxx" ) or die("Error getting db: <br><br>".mysql_error());

this code will work everytime, but once you have a lot of visitors, as Zibings said, will reveal information which you probably don't want your visitors to know about your database.

So something like this would be robust and you can have your custom error.php page:


<?php
	$l = mysql_connect ( "p50mysql31.secureserver.net" , "xxxx" , "xxxx" );
	
	if(!$l)
	{
		// Where error.php is your generic error page maybe stating that something was wrong with the script.
		header("Location: error.php");
		exit();
	}
		
	$db = mysql_select_db( "xxxx" );
	
	if(!$l)
	{
		// Where error.php is your generic error page maybe stating that something was wrong with the script.
		header("Location: error.php");
		exit();
	}
?>

Open in new window

0
 
catonthecouchproductionsAuthor Commented:
Nice, thank you for that! Let me work in that code.
0
 
nizsmoDeveloperCommented:
remember to have the error.php in the same directory, otherwise the file will return a 404 :)
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now