Php Configuration File config.php

[kudmus 0]

Thanx guys for the info but a newbie like me would not jump into the config file. I need to start from scratch. I have google php tutorials but I keep getting the ones that are base on assumption I've already installed php or I need help with some trix on top of the basic php knowledge that I have. I need tutorials that will take me from the moment I double-click my php installer to the moment when I can say I have configured my site and php, apache and mySQL are now working in harmony. By the way my site is not on my rig. It's hosted by Xisto. Can anyone point me to such resources? Pliz!

[alex1985 0]

Its too clear now!!!

[iGuest 3]

Personally I wouldn't worry too much

There are numerous things you can depending on your level of paranoia.

DB connection variables should be single quoted not double quoted as PHP doen't actually need to parse the value of those.

As someone else suggested, you can also move the config file above the webroot.

Ensure the file is CHMOD with the correct permissions so it isn't 'world readable'.

Where the config file also has the connection string

$connection=mysql_connect($host, $dbuser, $dbpass) or die(mysql_error());Mysql_select_db($dbname) or die(mysql_error());

you can always remove the mysql_error function once you know it works to prevent sensitive data being revealed in the event of an error or better yet, preceed $connection with an ampersand to halt error reporting. 

-reply by Guardian

[k_nitin_r 8]

SO, you mean it's better to use like db.inc.php instead of confg.php?

I would advise against moving away from the "config" in the name because it's convention. If another developer/administrator were to take over your code, it would be harder for them to locate the configuration settings. What I mean is, you could use "config.inc.php" instead of "db.inc.php". I believe MantisBT uses the "config.inc.php" as the filename for the configuration settings.

-Nitin