
Php Configuration File config.php


alex1985

I did create this topic mainly because I want to know everything about that configuration file. I will post other replies if I want to know more depending on your experience.

Is this code correct for that file:

<?php
$host = "localhost";
$dbname = "XXX";
$dbuser = "XXX";
$dbpass = "XXX";
$connection = mysql_connect($host, $dbuser, $dbpass) or die(mysql_error());
mysql_select_db($dbname) or die(mysql_error());
?>

Add your suggestions or improve it.

jlhaslip

<?php
$host = "localhost";
$dbname = "XXX";
$dbuser = "XXX";
$dbpass = "XXX";
$connection = mysql_connect($host, $dbuser, $dbpass) or die(mysql_error());
mysql_select_db($dbname) or die(mysql_error());
?>

It looks like it is a "typical" configuration file, but you need to replace the "XXX" with the correct data for your account and MySQL information.

Localhost is correct for a Xisto account. The dbname and dbuser will be prefixed with your Xisto account name and an underscore, so that it would become jlhaslip_ followed by the actual name of the database.
The password would be specific to your database, too. You need to have the database built using the MySQL selection in the cPanel, and a user/password also needs to be previously created and allowed the privileges for the database.

alex1985

Is there more stuff to write in that configuration file based on security issues?


jlhaslip

Not really, that I am aware of.

Be sure to save that file with a PHP file extension, though, in case someone links to it. When you use a php file extension, the contents cannot be read in a browser since there are no echo commands. You also might want to save it using the "common" inc.php file extension so you know that it is a file to be "included" and that it is a php file.

The file name would become: "mysql.inc.php"

then include ("mysql.inc.php"); is what you would need in the php file which calls the include.

Another security issue would be to store the "mysql.inc.php" file outside of the public_html folder so that it is not available via the web, only by the php parser. Then you would access it using include ("../mysql.inc.php"); (assuming the calling file is in the public_html folder).


alex1985

So, you mean it's better to use something like db.inc.php instead of config.php?


jlhaslip

Correct.


galexcd

I wouldn't suggest putting this file in the public_html folder. Put it up one directory in your root folder. This should keep your password hidden if the php parser were to ever break.


mafiastreetz

<?php
$_CONFIG = array(
    'hostname' => 'localhost',
    'username' => 'xxxxx',
    'password' => 'xxxxx',
    'database' => 'xxxxx',
    'persistent' => 0,
    'driver' => 'mysql',
);
?>

Wouldn't that be alright for the config php as well, as that's what I use??


galexcd

<?php
$_CONFIG = array(
    'hostname' => 'localhost',
    'username' => 'xxxxx',
    'password' => 'xxxxx',
    'database' => 'xxxxx',
    'persistent' => 0,
    'driver' => 'mysql',
);
?>

Wouldn't that be alright for the config php as well, as that's what I use??

Well, if you did that then you would have to connect to SQL in every single file, just taking up your time every time you want to add a new file.

alex1985

Can you explain those two entries: 'persistent' => 0, 'driver' => 'mysql'. Why do I need them?


galexcd

Can you explain those two entries: 'persistent' => 0, 'driver' => 'mysql'. Why do I need them?

Well, they are just values in an array. There is no real reason to turn off persistent connection because PHP's mysql_connect function automatically makes a non-persistent connection. If you have any questions about persistent connections you can read about them here. As for the driver, I am not sure. It almost looks like he is using a function that is designed to connect to any type of database and is a lot more open ended. However, mysql_connect works fine and already defaults to all of those values, so there is no real reason to set them if you plan on using that.

alex1985

Thanks. I got it.


tracdoor

It looks pretty good, same as mine basically! I don't think there's any improvement you can do security wise, but when you're doing your mysql_query's use sprintf with mysql_real_escape_string (read up on it closer to the time). I think it makes the query more secure.
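
The escaping advice in the post above, as an added example that is not tracdoor's code. It assumes the pdo_sqlite extension so it runs against an in-memory database without a server; PDO::quote() stands in for mysql_real_escape_string(), which was removed in PHP 7.0, and the table, function names and input values are constructed.

```php
<?php
// Added example; table, function names and inputs are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('O''Brien')");

// Unsafe: the value is pasted into the SQL text as-is.
function find_unescaped(PDO $db, string $name): array
{
    $sql = sprintf("SELECT id, name FROM users WHERE name = '%s'", $name);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// sprintf + escaping: quote() escapes the value and adds the surrounding quotes.
function find_escaped(PDO $db, string $name): array
{
    $sql = sprintf('SELECT id, name FROM users WHERE name = %s', $db->quote($name));
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the value is sent separately from the SQL text.
function find_prepared(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input containing quote characters that alter the unescaped query.
$hostile = "x' OR '1'='1";
printf("unescaped: %d row(s)\n", count(find_unescaped($db, $hostile)));
printf("escaped:   %d row(s)\n", count(find_escaped($db, $hostile)));
printf("prepared:  %d row(s)\n", count(find_prepared($db, $hostile)));

// A legitimate name with an apostrophe still matches when handled as data.
printf("O'Brien:   %d row(s)\n", count(find_prepared($db, "O'Brien")));
```

Comparing the row counts shows which variants treat the input as data rather than as part of the query.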


alex1985

Thanks enough!!!


Erdemir

So, you mean it's better to use something like db.inc.php instead of config.php?

Correct.


config.php or db.inc.php, whatever its name is, is not important. For example: if the filename is config.php, type the URL of the config.php and you will see a blank page. You will not see the source code, so the filename is not important, I think.

kudmus

Thanks guys for the info, but a newbie like me would not jump into the config file. I need to start from scratch. I have googled PHP tutorials but I keep getting the ones that are based on the assumption I've already installed PHP or I need help with some tricks on top of the basic PHP knowledge that I have. I need tutorials that will take me from the moment I double-click my PHP installer to the moment when I can say I have configured my site and PHP, Apache and MySQL are now working in harmony. By the way, my site is not on my rig. It's hosted by Xisto. Can anyone point me to such resources? Please!


alex1985

It's too clear now!!!


iGuest

Personally I wouldn't worry too much

There are numerous things you can do depending on your level of paranoia.

DB connection variables should be single quoted, not double quoted, as PHP doesn't actually need to parse the value of those.

As someone else suggested, you can also move the config file above the webroot.

Ensure the file is CHMOD with the correct permissions so it isn't 'world readable'.

Where the config file also has the connection string

$connection = mysql_connect($host, $dbuser, $dbpass) or die(mysql_error());
mysql_select_db($dbname) or die(mysql_error());

you can always remove the mysql_error function once you know it works to prevent sensitive data being revealed in the event of an error or, better yet, precede $connection with an ampersand to halt error reporting.

-reply by Guardian
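
The measures suggested in this thread (config file above the web root, not world readable, no error detail shown to visitors), as an added example that is not code from any poster. It uses PDO rather than the thread's mysql_connect(), which was removed in PHP 7.0; the path ../private/db.config.php, the function names and a POSIX host are assumptions.

```php
<?php
// Added example, not code from the thread. Paths and names are assumptions.
// The config file lives above public_html and holds only data, e.g.:
//   return ['dsn' => 'mysql:host=localhost;dbname=XXX', 'user' => 'XXX', 'pass' => 'XXX'];

function load_db_config(string $path, string $webRoot): array
{
    $real = realpath($path);
    if ($real === false) {
        throw new RuntimeException('config file not found');
    }
    // Refuse a config file that sits inside the web root.
    $root = rtrim((string) realpath($webRoot), DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $root, strlen($root)) === 0) {
        throw new RuntimeException('config file is inside the web root');
    }
    // Refuse a world-readable file (the "other" read bit, 0004).
    if ((fileperms($real) & 0004) !== 0) {
        throw new RuntimeException('config file is world readable; chmod 640 or 600');
    }
    $cfg = require $real;
    if (!is_array($cfg) || !isset($cfg['dsn'], $cfg['user'], $cfg['pass'])) {
        throw new RuntimeException('config file must return dsn, user and pass');
    }
    return $cfg;
}

function db_connect(array $cfg): PDO
{
    // Failures raise exceptions instead of printing driver errors to the page.
    return new PDO($cfg['dsn'], $cfg['user'], $cfg['pass'], [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
}

try {
    $cfg = load_db_config(__DIR__ . '/../private/db.config.php', __DIR__);
    $db  = db_connect($cfg);
} catch (Throwable $e) {
    // Detail goes to the server log; the visitor gets a generic message.
    error_log('DB setup failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Service temporarily unavailable.');
}
```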

k_nitin_r

So, you mean it's better to use something like db.inc.php instead of config.php?

I would advise against moving away from the "config" in the name because it's convention. If another developer/administrator were to take over your code, it would be harder for them to locate the configuration settings. What I mean is, you could use "config.inc.php" instead of "db.inc.php". I believe MantisBT uses the "config.inc.php" as the filename for the configuration settings.

-Nitin

