Posted by Dan on 11/24/07 11:31

Hello!

I've got some misc. questions about PHP and its usage with MySQL.


The following web page:

http://www.freewebmasterhelp.com/tutorials/phpmysql/3

shows that it is normal to include mysql database usernames and
passwords in the php file. Is this good programming practice? I'm
worried that people would be able to read my php file through a web
browser or through other nefarious means.

This is the statement that must be in the source file to connect to a
database:

mysql_connect(localhost,$username,$password);

with $username and $password defined elsewhere in the source file.
This seems scary to me!


How to properly defend against an injection attack? Wikipedia has the
following code as for how to defend:

$query_result = mysql_query
(
"select * from users where name = '"

• Next in forum: Re: Newbie Security Questions
• Prev in forum: Re: Looking for a generic DB-maintenance application
• Thread view: Newbie Security Questions

[Reply to this message]