Hi Dan,
> I would like to get some opinions here on a method I'm doing
> to grab connect information for a mysql connection. Currently
> I am doing:
> $pinfo = fopen ("/director1/directory2/filename.ini","r");
Does this filename.ini contain the code to connect to your database? If so,
I usually do two things with this file:
1. put it outside the document root, so users can't browse to it
2. put any code that might output something (an error message, for example)
inside a function, so even if it is run, nothing will happen - you need to
include() it and then call the function yourself.
If it's just connection information, with no code (I'm a bit confused by the
.ini extension :-) then just make sure it's somewhere outside your document
root.
> Is XML a solution?
I don't think XML is inherently any more secure than plain text - it's all
down to how you store and transmit the data.
Cheers
Jon
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
