Reputation:
What are the risks and benefits of storing DB connection info in the ini file, if the only purpose of accessing the database remotely is to SELECT?
Upvotes: 1
Views: 9198
Reputation: 29492
If you meant php.ini
file and settings under [mysqli]
section:
[mysqli]
mysqli.default_port = 3306
mysqli.default_host = 127.0.0.1
mysqli.default_user = db_user
mysqli.default_pw = db_pass
then setting them in ini file makes further use of myqsli convenient, since you don't have to parse any file / define your own config, simply connect:
$db = mysqli_connect(); // no arguments, just works.
$res = mysqli_query($db, 'SHOW DATABASES');
while($row = mysqli_fetch_assoc($res)){
print_r($row);
}
Risk only exists if you left phpinfo somewhere, then you username and password will be exposed to anyone viewing this file.
Upvotes: 1
Reputation: 4148
There's nothing wrong with storing configuration in an ini file, but you'd be better off not touching the php.ini file.
Just create your own .ini file and read it using parse_ini_file($filename)
or parse_ini_file($filename, true)
to group by sections as well.
For more information, refer to the php docs
EDIT
Further example
; This is your 'config.ini' file, stored on your web server
; Just make sure it isn't in a public directory!
[database]
host = localhost
user = bob
password = password
Then your php:
$config = parse_ini_file(__DIR__ . '/../config.ini', true); // Assuming your php is in the root directory of your web server, so placing the file where it can't be seen by prying eyes!
$host = $config['database']['host'];
// etc...
Upvotes: 4