问题
I'm creating several php scripts. Must I always insert the host, username, password, etc. for every script for the same database and table? Is there a way to make reference with only one line or some other way? Is there anyway to hide this info?
$host="XXXXXXXXX";
$username="XXXXX";
$password="XXXXX";
$db_name="XXXXXX";
$tbl_name="XXXXX";
mysql_connect("$host", "$username", "$password") or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
回答1:
While PHP files are executed and thus the source code is not visible from the web, an accidental misconfiguration could change this. You could put the DB configuration in a separate file outside the wbeserver's document root directory and use PHP's require command to include it in the other scripts.
However, depending on the PHP configuration, files outside the docroot may not be accessible to PHP scripts, but there are ways around this. This SO question discusses these issues in detail
回答2:
If you don't want to put the credentials in php files then you can put them the php.ini configuration file.
mysql.default_host = "localhost"
mysql.default_user = "user"
mysql.default_password = "pass"
then in the php source:
<?php
$connect_db = mysql_connect();
$err = mysql_error();
if ($err != "")
{
echo "Error connecting to database: $err";
die;
}
if (!mysql_select_db("mydomain_com_test", $connect_db))
{
echo mysql_error()."<br/>";
die;
}
$sql = "SELECT NOW()";
$rows = mysql_query( $sql );
?>
来源:https://stackoverflow.com/questions/10263202/is-there-a-way-to-hide-all-database-info-such-as-password-username-etc