Am 20.09.2011 01:23, schrieb Dotan Cohen: > On Tue, Sep 20, 2011 at 01:48, Reindl Harald <h.rei...@thelounge.net> wrote: >> i would use a samll class holding the db-connection with >> insert/update-methods >> pass the whole record-array, lokk what field types are used in the table >> and use intval(), doubleval() or mysql_real_escape-String >> > By the way, the database connection is include()ed from a file outside > the webroot. This way if Apache is ever compromised or for whatever > reason stops parsing the PHP, the resulting code returned to the > browser won't have the daabase info (especially the password)
if stops parsing - yes, but not relevant if it is in a include if the machine is compromised it does not matter someone could read your files can read also the include outside the docroot
signature.asc
Description: OpenPGP digital signature
