alex1985 0 Report post Posted April 24, 2008 I did create this topic mainly because I want to know everything about that configuration file. I will post other replies if I want to know more depending on your experience.Is this code correct for that file: <? $host="localhost";$dbname="XXX";$dbuser="XXX";$dbpass="XXX";$connection=mysql_connect($host, $dbuser, $dbpass) or die(mysql_error());mysql_select_db($dbname) or die(mysql_error());?> Add your suggestions or improve it. Share this post Link to post Share on other sites
jlhaslip 4 Report post Posted April 24, 2008 <?$host="localhost";$dbname="XXX";$dbuser="XXX";$dbpass="XXX";$connection=mysql_connect($host, $dbuser, $dbpass) or die(mysql_error());mysql_select_db($dbname) or die(mysql_error());?> It looks like it is a "typical" configuration file, but you need to replace the "XXX" with the correct data for your account and MySql information.Localhost is correct for a Xisto account, the dbname and dbuser will be prefixed with your Xisto account name and an underscore so that it would become jlhaslip_ followed by the actual name of the database. The password would be specific to your database, too. You need to have the database built using the MySql selection in the cpanel and a user/password also needs to be previously created and allowed the privileges for the database. Share this post Link to post Share on other sites
alex1985 0 Report post Posted April 24, 2008 If there is a more stuff to write that configuration file based on security issue? Share this post Link to post Share on other sites
jlhaslip 4 Report post Posted April 24, 2008 Not really, that I am aware of.Be sure to safe that file with a PHP file extension, though, in case someone links to it. When you use a php file extension, the contents can not be read in a Browser since there are not echo commands. You also might want to save it using the "common" inc.php file extension so you know that it is a file to be "included" and that it is a php file.file name would become: "mysql.inc.php"then include ("mysql.inc.php"); is what you would need in the php file which calls the include. Another security issue would be to store the "mysql.inc.php" file outside of the public_html folder so that it is not available via the web, only by the php parser. Then you would access it using include ("../mysql.inc.php"); (assuming the calling file is in the public_html folder. Share this post Link to post Share on other sites
alex1985 0 Report post Posted April 24, 2008 SO, you mean it's better to use like db.inc.php instead of confg.php? Share this post Link to post Share on other sites
jlhaslip 4 Report post Posted April 24, 2008 correct. Share this post Link to post Share on other sites
galexcd 0 Report post Posted April 30, 2008 I wouldn't suggest putting this file in the public_html folder. Put it up one directory in your root folder. This should keep your password hidden if the php parser were to ever break. Share this post Link to post Share on other sites
mafiastreetz 0 Report post Posted May 3, 2008 <?php$_CONFIG = array('hostname' => 'localhost','username' => 'xxxxx','password' => 'xxxxx','database' => 'xxxxx','persistent' => 0,'driver' => 'mysql',);?> Wouldnt that be alrite for the config php aswell as thats what i use?? Share this post Link to post Share on other sites
galexcd 0 Report post Posted May 3, 2008 'username' => 'xxxxx','password' => 'xxxxx','database' => 'xxxxx','persistent' => 0,'driver' => 'mysql',);?> linenums:0'><?php$_CONFIG = array('hostname' => 'localhost','username' => 'xxxxx','password' => 'xxxxx','database' => 'xxxxx','persistent' => 0,'driver' => 'mysql',);?>Wouldnt that be alrite for the config php aswell as thats what i use?? well if you did that then you would have to connect to sql in every single file, just taking up your time every time you want to add a new file. Share this post Link to post Share on other sites
alex1985 0 Report post Posted May 20, 2008 Can you explain those two entries: 'persistent' => 0, 'driver' => 'mysql'. Why do I need them? Share this post Link to post Share on other sites
galexcd 0 Report post Posted May 20, 2008 Can you explain those two entries: 'persistent' => 0, 'driver' => 'mysql'. Why do I need them?Well they are just values in an array. There is no real reason to turn off persistent connection because PHP's mysql_connect function automatically makes a non-persistant connection. If you have any questions about persistent connections you can read about them here. As for the driver I am not sure. It almost looks like he is using a function that is designed to connect to any type of database and is a lot more open ended. However mysql_connect works fine and already defaults to all of those values so there is no real reason to set them if you plan on using that. Share this post Link to post Share on other sites
alex1985 0 Report post Posted May 21, 2008 Thanks. I got it. Share this post Link to post Share on other sites
tracdoor 0 Report post Posted May 22, 2008 It looks pritty good, same as mine basically!I don't think there's any improvement you can do security wise, but when your doing your mysql_query's use sprintf with mysql_real_escape_string (read up on it closer to the time) I think it makes the query more secure. Share this post Link to post Share on other sites
alex1985 0 Report post Posted May 24, 2008 Thanks enough!!! Share this post Link to post Share on other sites
Erdemir 0 Report post Posted May 24, 2008 SO, you mean it's better to use like db.inc.php instead of confg.php? correct. config.php or db.inc.php whatever its name is not important. For example: If filename is config.php, type the url of the config php, and you will see a blank page. You will not see the source codes, so filename is not important, I think. Share this post Link to post Share on other sites