All geek questions in one place

How can I avoid hard-coding a database connection password?

I am working on a school project (by writing a website) and I am faced with the problem of providing a password to connect to our database. Due to our Open-Source license, we have to publish the source code, but this will mean that everyone can connect to the database and see the data.

Currently, our connection (php file) is as follows:

$host="************"; $password="************"; $this->conn = new mysqli($host, $user, $password, $dbname).mysqli_connect_error());

Now my question is: how can I provide a password to connect to the database without having to write $password=... ?

+5
source share
2 answers

Ok, here is one with the ini file:

xxx.php

 <?php $db_params = parse_ini_file( dirname(__FILE__).'/db_params.ini', false ); // ..... $this->conn = new mysqli($db_params['host'], $db_params['user'], $db_params['password'], $db_params['dbname'], $db_params['port'], $db_params['socket']).mysqli_connect_error()); // ... ?>

db_params.ini

 host=mysql.example.com port=3306 socket= user=testuser password=myPasswort dbname=myDatabase
+5
source

Use one file to contain configuration variables and exclude this file when sharing code.

For instance:

 require_once('config.php'); $this->conn = new mysqli($config['db']['host'], $config['db']['user'], $config['db']['pass'], $config['db']['dbname']);

The config.php will include:

 $config['db']['username'] = 'user'; $config['db']['password'] = 'pass'; ...

You can / should extend this to include hostname, port, database, etc.

+1
source

Source: https://habr.com/ru/post/1242098/

More articles:


All Articles