Jump to content
xisto Community
alex1985

Php Configuration File config.php

Recommended Posts

I did create this topic mainly because I want to know everything about that configuration file. I will post other replies if I want to know more depending on your experience.

Is this code correct for that file:

<? $host="localhost";$dbname="XXX";$dbuser="XXX";$dbpass="XXX";$connection=mysql_connect($host, $dbuser, $dbpass) or die(mysql_error());mysql_select_db($dbname) or die(mysql_error());?>

Add your suggestions or improve it.

Share this post


Link to post
Share on other sites
<?$host="localhost";$dbname="XXX";$dbuser="XXX";$dbpass="XXX";$connection=mysql_connect($host, $dbuser, $dbpass) or die(mysql_error());mysql_select_db($dbname) or die(mysql_error());?>

It looks like it is a "typical" configuration file, but you need to replace the "XXX" with the correct data for your account and MySql information.

Localhost is correct for a Xisto account, the dbname and dbuser will be prefixed with your Xisto account name and an underscore so that it would become jlhaslip_ followed by the actual name of the database.
The password would be specific to your database, too. You need to have the database built using the MySql selection in the cpanel and a user/password also needs to be previously created and allowed the privileges for the database.

Share this post


Link to post
Share on other sites

Not really, that I am aware of.Be sure to safe that file with a PHP file extension, though, in case someone links to it. When you use a php file extension, the contents can not be read in a Browser since there are not echo commands. You also might want to save it using the "common" inc.php file extension so you know that it is a file to be "included" and that it is a php file.file name would become: "mysql.inc.php"then include ("mysql.inc.php"); is what you would need in the php file which calls the include. Another security issue would be to store the "mysql.inc.php" file outside of the public_html folder so that it is not available via the web, only by the php parser. Then you would access it using include ("../mysql.inc.php"); (assuming the calling file is in the public_html folder.

Share this post


Link to post
Share on other sites

I wouldn't suggest putting this file in the public_html folder. Put it up one directory in your root folder. This should keep your password hidden if the php parser were to ever break.

Share this post


Link to post
Share on other sites
<?php$_CONFIG = array('hostname' => 'localhost','username' => 'xxxxx','password' => 'xxxxx','database' => 'xxxxx','persistent' => 0,'driver' => 'mysql',);?>

Wouldnt that be alrite for the config php aswell as thats what i use??

Share this post


Link to post
Share on other sites

'username' => 'xxxxx',
'password' => 'xxxxx',
'database' => 'xxxxx',
'persistent' => 0,
'driver' => 'mysql',
);
?> linenums:0'><?php$_CONFIG = array('hostname' => 'localhost','username' => 'xxxxx','password' => 'xxxxx','database' => 'xxxxx','persistent' => 0,'driver' => 'mysql',);?>
Wouldnt that be alrite for the config php aswell as thats what i use??

well if you did that then you would have to connect to sql in every single file, just taking up your time every time you want to add a new file.

Share this post


Link to post
Share on other sites

Can you explain those two entries: 'persistent' => 0, 'driver' => 'mysql'. Why do I need them?

Well they are just values in an array. There is no real reason to turn off persistent connection because PHP's mysql_connect function automatically makes a non-persistant connection. If you have any questions about persistent connections you can read about them here. As for the driver I am not sure. It almost looks like he is using a function that is designed to connect to any type of database and is a lot more open ended. However mysql_connect works fine and already defaults to all of those values so there is no real reason to set them if you plan on using that.

Share this post


Link to post
Share on other sites

It looks pritty good, same as mine basically!I don't think there's any improvement you can do security wise, but when your doing your mysql_query's use sprintf with mysql_real_escape_string (read up on it closer to the time) I think it makes the query more secure.

Share this post


Link to post
Share on other sites

SO, you mean it's better to use like db.inc.php instead of confg.php?

correct.


config.php or db.inc.php whatever its name is not important. For example: If filename is config.php, type the url of the config php, and you will see a blank page. You will not see the source codes, so filename is not important, I think.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.