Solved

Securing/best practices for config.php file

Posted on 2007-11-16
5
461 Views
Last Modified: 2013-12-13
I am wondering if anyone has some good practices that are secure for using a config.php file to connect to a SQL database.

$l = mysql_connect ( "p50mysql31.secureserver.net" , "xxxx" , "xxxx" ) or die("Error connecting: <br><br>".mysql_error());
mysql_select_db( "xxxx" ) or die("Error getting db: <br><br>".mysql_error());

Any thoughts?

Thanks,

RYan
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 1

Expert Comment

by:Zibings
ID: 20299702
Could you explain what you mean by 'secure practices' for using a configuration file?  One general comment I can make though would be that you should consider not using the default error messages provided by the MySQL library as it can reveal your database username unintentionally.
0
 
LVL 1

Author Comment

by:catonthecouchproductions
ID: 20299740
Ohh..I didnt know that. I am unsure of ways to make it secure, what do you suggest?
0
 
LVL 21

Accepted Solution

by:
nizsmo earned 500 total points
ID: 20301879
What are you referring to when you say more "secure"?

$l = mysql_connect ( "p50mysql31.secureserver.net" , "xxxx" , "xxxx" ) or die("Error connecting: <br><br>".mysql_error());
mysql_select_db( "xxxx" ) or die("Error getting db: <br><br>".mysql_error());

this code will work everytime, but once you have a lot of visitors, as Zibings said, will reveal information which you probably don't want your visitors to know about your database.

So something like this would be robust and you can have your custom error.php page:


<?php
	$l = mysql_connect ( "p50mysql31.secureserver.net" , "xxxx" , "xxxx" );
	
	if(!$l)
	{
		// Where error.php is your generic error page maybe stating that something was wrong with the script.
		header("Location: error.php");
		exit();
	}
		
	$db = mysql_select_db( "xxxx" );
	
	if(!$l)
	{
		// Where error.php is your generic error page maybe stating that something was wrong with the script.
		header("Location: error.php");
		exit();
	}
?>

Open in new window

0
 
LVL 1

Author Comment

by:catonthecouchproductions
ID: 20301942
Nice, thank you for that! Let me work in that code.
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20301949
remember to have the error.php in the same directory, otherwise the file will return a 404 :)
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
PHP Curl Problem 10 36
Compiling PHP with Curl plus protocols 8 22
Finding Where Clause Value in SQL Views and SP 21 37
php hashing methods 3 11
Occasionally there is a need to clean table columns, especially if you have inherited legacy data. There are obviously many ways to accomplish that, including elaborate UPDATE queries with anywhere from one to numerous REPLACE functions (even within…
These days socially coordinated efforts have turned into a critical requirement for enterprises.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question