Orginally when I designed my site, I put the db access file, conn.php, in the webarea - where all files reside. After reading a recent thread, I realize that this may not be too secure. Therefore, I would like to shove conn.php one level above the webarea. However, I don't feel like re-writng 300+ files with the new db access info, so I thought a simple re-direct page might do the trick.
I've tried three methods:
the header approach header("location: ../conn-up.php");
an absolute header: header("location: /vhome/conn-up.php");
and an include approach:
include("../conn-up.php");
/* Db file access (conn.php) -- all pages presently refer or call this file */
<?php session_start(); ob_start(); ?> <?php /* $db = pg_connect("dbname=big user=me password=pwd"); old string */ header("location: /vhome/site/conn-up.php"); // tried 3 approaches above ?>
/* New db access (conn-up.php) - now located one level above webpages */
<?php session_start(); ob_start(); ?> <?php $db = pg_connect("dbname=big user=me password=pwd"); ?>
All three approaches will not allow db access. I'm stumped. Is it possible to do this, and will this protect the db password any better than if it stays in the webarea?
Any help, guidance, or ideas most welcome.
Tia, Andre
Maybe this aids:
[code]
define('FOOBAR', realpath(dirname(__FILE__) . '/..') . '/');
require_once(FOOBAR . 'conn_up.php');
[/code]Add this line to a script in your docroot. In subdirs you'll certainly have to add some '/..'. Some prepend-file is suggested.
Daniel
-- WWE e-commerce IT GmbH Eiffestrasse 462, D-20537 Hamburg Tel.: +49-40-2530659-0, Fax: +49-40-2530659-50
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
