Tuesday, December 13, 2022

Where do you store your PHP script configurations like DB access data?

Here is the article.

I have an config.php file where I simply make an huge array that contains all the framework configuration. Also the database source string thing like "mysql:host=localhost;dbname=mydb" (whats that called, btw?) and username + password for DB. I'm afraid this is:

  1. stupid
  2. not good; better solution there
  3. not secure (?)

so how do the PHP experts do that?


12

If you have a wwwhttpdocs or public_http folder or something like that, where your php application is situated, then it is good practice to put the config file outside of that folder, and just access it like this:

include "../config.php";

Nobody can gain access to that file without FTP access, and so it's relatively safe compared to having it in the application folder.

If you don't have such a folder, you can create one, and make a .htaccess file in the root, which redirects all requests to that folder. There are many different ways to do that, but that's a different question all together.

  • unfortunately, almost 99,99% of all cheap virtual hosters don't provide any such directory. Everything from within the root is accessible, and there's no ftp access to what's above the web root.  Dec 27, 2009 at 12:36
  • 1
    Actually, most 'cheap' hosts I've had, have provided such a directory in some form or another. It's also in the host's interest to do so. But see my edit for options.  Dec 27, 2009 at 12:41 
  • @openfrog: quite a statement you have there, where do you get your data from?  Dec 27, 2009 at 16:42
  • all the cheap virtual hosting i've ever seen has this option. 
    – nickf
     Jan 8, 2010 at 22:19

No comments:

Post a Comment