At 7:42 PM -0500 6/5/01, Don Read wrote:
>On 05-Jun-01 Ed Peddycoart wrote:
>> Thanks...this helped...Just had success in connecting to the MySQL server
>> and dumping the db contents to the screen....One worrisome bit though...My
>> username and password for connecting to the db on my host is my username and
>> password for the web account. If I want to create dynamic webpages by
>> pulling data from my db, won't I have to put this information (usersname and
>> pw) in the php file and leave it on the server? Sounds pretty darn scary to
>> me...maybe I am confused.
>No, you put it in a php file with nothing but defines / data,
>say 'config.php' :
>// Database ***************************
>and include('config.php') in your scripts.
>If the webserver is configured properly, access to this file will evaluate as
>php code; so nothing will get output.
>Better yet, put the file outside the $DOCUMENT_ROOT, in case your server is
However, if you and I both have virtual domains hosted by the same server,
I can write a script that will read your config.php file.
And then, for my next trick, I'll connect to your database and read
(or destroy) all your data. :-)
>Don Read dread@stripped
>-- It's always darkest before the dawn. So if you are going to
> steal the neighbor's newspaper, that's the time to do it.
Paul DuBois, paul@stripped