I have a file that contains all the database connection information, how could I hide that in a safe place and only allow files within a certain folder to have access, and no sub folders unless I specify which ones.
I’m allowing people to upload files, such as php, and if they find out the name and location of the file, they could possibly get the contents of the file and hack my database. by reading in the file using fopen()
the database info:
[code=php]<?php
$dbHost = “localhost”; //Location Of Database usually its localhost
$dbUser = “xxxxx”; //Database User Name
$dbPass = “xxxxx”; //Database Password
$dbDatabase = “file_host”; //Database Name
$db = mysql_connect(“$dbHost”, “$dbUser”, “$dbPass”) or die (“Error connecting to database.”);
mysql_select_db(“$dbDatabase”, $db) or die (“Couldn’t select the database.”);
?>
One way of how I use it:
[code=php]<?php
include”db.php”;
$sql = mysql_query(“SELECT * FROM users WHERE id='{$_SESSION[‘id’]}'”)or die(mysql_error());
$row = mysql_fetch_array($sql);
?>