----- Original Message ----- From: "Jon Haworth" <[EMAIL PROTECTED]> To: "Dan Joseph" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Friday, April 04, 2003 12:19 PM Subject: RE: [PHP] Opinion on a method....
> Hi Dan, > > > I would like to get some opinions here on a method I'm doing > > to grab connect information for a mysql connection. Currently > > I am doing: > > $pinfo = fopen ("/director1/directory2/filename.ini","r"); > > Does this filename.ini contain the code to connect to your database? If so, > I usually do two things with this file: > > 1. put it outside the document root, so users can't browse to it > 2. put any code that might output something (an error message, for example) > inside a function, so even if it is run, nothing will happen - you need to > include() it and then call the function yourself. > > If it's just connection information, with no code (I'm a bit confused by the > .ini extension :-) then just make sure it's somewhere outside your document > root. > > > Is XML a solution? > > I don't think XML is inherently any more secure than plain text - it's all > down to how you store and transmit the data. > > Cheers > Jon I will add in this case that include() is going to be no less secure than fopen(), plus it's going to be a whole hell of a lot easier. - Kevin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php