user1193509
user1193509

Reputation:

PHP connection variables ini file

What are the risks and benefits of storing DB connection info in the ini file, if the only purpose of accessing the database remotely is to SELECT?

Upvotes: 1

Views: 9198

Answers (2)

dev-null-dweller
dev-null-dweller

Reputation: 29492

If you meant php.ini file and settings under [mysqli] section:

[mysqli]
mysqli.default_port = 3306
mysqli.default_host = 127.0.0.1
mysqli.default_user = db_user
mysqli.default_pw = db_pass

then setting them in ini file makes further use of myqsli convenient, since you don't have to parse any file / define your own config, simply connect:

$db = mysqli_connect(); // no arguments, just works.
$res = mysqli_query($db, 'SHOW DATABASES');
while($row = mysqli_fetch_assoc($res)){
    print_r($row);
}

Risk only exists if you left phpinfo somewhere, then you username and password will be exposed to anyone viewing this file.

Upvotes: 1

RobMasters
RobMasters

Reputation: 4148

There's nothing wrong with storing configuration in an ini file, but you'd be better off not touching the php.ini file.

Just create your own .ini file and read it using parse_ini_file($filename) or parse_ini_file($filename, true) to group by sections as well.

For more information, refer to the php docs

EDIT

Further example

; This is your 'config.ini' file, stored on your web server
; Just make sure it isn't in a public directory!

[database]
host = localhost
user = bob
password = password

Then your php:

$config = parse_ini_file(__DIR__ . '/../config.ini', true); // Assuming your php is in the root directory of your web server, so placing the file where it can't be seen by prying eyes!
$host = $config['database']['host'];
// etc...

Upvotes: 4

Related Questions