At 7:42 PM -0500 6/5/01, Don Read wrote:
>On 05-Jun-01 Ed Peddycoart wrote:
>> Thanks...this helped...Just had success in connecting to the MySQL server
>> and dumping the db contents to the screen....One worrisome bit though...My
>> username and password for connecting to the db on my host is my username and
>> password for the web account. If I want to create dynamic webpages by
>> pulling data from my db, won't I have to put this information (usersname and
>> pw) in the php file and leave it on the server? Sounds pretty darn scary to
>> me...maybe I am confused.
>> Ed
>>
>
>No, you put it in a php file with nothing but defines / data,
>say 'config.php' :
>
><php
>
>// Database ***************************
>
>define('DBHOST', 'localhost');
>define('DBUSER', 'abc');
>define('DBPASS', 'abc123');
>
>---
>
>and include('config.php') in your scripts.
>
>If the webserver is configured properly, access to this file will evaluate as
>php code; so nothing will get output.
>
>Better yet, put the file outside the $DOCUMENT_ROOT, in case your server is
>poorly configured.
>
>include("$DOCUMENT_ROOT/../config.php");
However, if you and I both have virtual domains hosted by the same server,
I can write a script that will read your config.php file.
And then, for my next trick, I'll connect to your database and read
(or destroy) all your data. :-)
>
>Regards,
>--
>Don Read [EMAIL PROTECTED]
>-- It's always darkest before the dawn. So if you are going to
> steal the neighbor's newspaper, that's the time to do it.
--
Paul DuBois, [EMAIL PROTECTED]
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
