php config files

[oab]

okay lets say that somebody has a config.php file that is included on every page that connects to the mysql server. How would he/she stop some1 else from including the same config file into their website and mess up your database? or is this even possible? help me im a noob.

 

[motogawa]

This is why you should create a whole different config page where it holds details of how to connect which include the :

Database Name :
Database Server :
Database Username :
Database Password :

which should be in the configuration file and then create another file that includes
the way to connect using the given variables through config.php

So what you shoudl do is create a config.php with the variables to connect to the database while making another file called db.php where it reads the database variables from there and connects that way

here is an example

config.php

$db_server = 'localhost';
$db_name = 'database name';
$db_user = 'database user';
$db_passwd = 'database password ';

and db.php(code partially borrowed from SMF)

	$db_connection = @mysql_connect($db_server, $db_user, $db_passwd);

if (!$db_connection || !@mysql_select_db($db_name, $db_connection))
  { 
	 die (mysql_error());
  }

 

[bigguy]

I think I know what your saying, and no I dont think this is possible.

 

[oab]

so it is not possible to include some1 elses config file?

and what motogawa sayed doesn't really matter if they figured out what both of your files were, they could just include them both and still get into your database..

 

[motogawa]

Well without really knowing what the tables and column values are along with username and such they really couldn't do much.

 

[oab]

Well without really knowing what the tables and column values are along with username and such they really couldn't do much.

WHAT!?!?!? they could make tables and make them huge and put anything in them they want, and im pretty sure they COULD delete your tables.

 

[motogawa]

Dun know anyone really who would want to spend all their time just doing that

 

[oab]

hackers, spammers, if your website is big and popular there are a lot of people that would AND if your database hadles payment im sure they could find some way to hack into it.. anyway im not going to worry about it i guess..