Php Configuration File config.php

[alex1985 0]

I did create this topic mainly because I want to know everything about that configuration file. I will post other replies if I want to know more depending on your experience.

Is this code correct for that file:

<? $host="localhost";$dbname="XXX";$dbuser="XXX";$dbpass="XXX";$connection=mysql_connect($host, $dbuser, $dbpass) or die(mysql_error());mysql_select_db($dbname) or die(mysql_error());?>

Add your suggestions or improve it.

[jlhaslip 4]

<?$host="localhost";$dbname="XXX";$dbuser="XXX";$dbpass="XXX";$connection=mysql_connect($host, $dbuser, $dbpass) or die(mysql_error());mysql_select_db($dbname) or die(mysql_error());?>

It looks like it is a "typical" configuration file, but you need to replace the "XXX" with the correct data for your account and MySql information.

Localhost is correct for a Xisto account, the dbname and dbuser will be prefixed with your Xisto account name and an underscore so that it would become jlhaslip_ followed by the actual name of the database.
The password would be specific to your database, too. You need to have the database built using the MySql selection in the cpanel and a user/password also needs to be previously created and allowed the privileges for the database.

[alex1985 0]

If there is a more stuff to write that configuration file based on security issue?

[jlhaslip 4]

Not really, that I am aware of.Be sure to safe that file with a PHP file extension, though, in case someone links to it. When you use a php file extension, the contents can not be read in a Browser since there are not echo commands. You also might want to save it using the "common" inc.php file extension so you know that it is a file to be "included" and that it is a php file.file name would become: "mysql.inc.php"then include ("mysql.inc.php"); is what you would need in the php file which calls the include. Another security issue would be to store the "mysql.inc.php" file outside of the public_html folder so that it is not available via the web, only by the php parser. Then you would access it using include ("../mysql.inc.php"); (assuming the calling file is in the public_html folder.

[alex1985 0]

SO, you mean it's better to use like db.inc.php instead of confg.php?

[jlhaslip 4]

correct.

[galexcd 0]

I wouldn't suggest putting this file in the public_html folder. Put it up one directory in your root folder. This should keep your password hidden if the php parser were to ever break.

[mafiastreetz 0]

<?php$_CONFIG = array('hostname' => 'localhost','username' => 'xxxxx','password' => 'xxxxx','database' => 'xxxxx','persistent' => 0,'driver' => 'mysql',);?>

Wouldnt that be alrite for the config php aswell as thats what i use??

[galexcd 0]

'username' => 'xxxxx',
'password' => 'xxxxx',
'database' => 'xxxxx',
'persistent' => 0,
'driver' => 'mysql',
);
?> linenums:0'><?php$_CONFIG = array('hostname' => 'localhost','username' => 'xxxxx','password' => 'xxxxx','database' => 'xxxxx','persistent' => 0,'driver' => 'mysql',);?>
Wouldnt that be alrite for the config php aswell as thats what i use??

well if you did that then you would have to connect to sql in every single file, just taking up your time every time you want to add a new file.

[alex1985 0]

Can you explain those two entries: 'persistent' => 0, 'driver' => 'mysql'. Why do I need them?

[galexcd 0]

Can you explain those two entries: 'persistent' => 0, 'driver' => 'mysql'. Why do I need them?

Well they are just values in an array. There is no real reason to turn off persistent connection because PHP's mysql_connect function automatically makes a non-persistant connection. If you have any questions about persistent connections you can read about them here. As for the driver I am not sure. It almost looks like he is using a function that is designed to connect to any type of database and is a lot more open ended. However mysql_connect works fine and already defaults to all of those values so there is no real reason to set them if you plan on using that.

[alex1985 0]

Thanks. I got it.

[tracdoor 0]

It looks pritty good, same as mine basically!I don't think there's any improvement you can do security wise, but when your doing your mysql_query's use sprintf with mysql_real_escape_string (read up on it closer to the time) I think it makes the query more secure.

[alex1985 0]

Thanks enough!!!

[Erdemir 0]

SO, you mean it's better to use like db.inc.php instead of confg.php?

correct.

config.php or db.inc.php whatever its name is not important. For example: If filename is config.php, type the url of the config php, and you will see a blank page. You will not see the source codes, so filename is not important, I think.