Reputation: 31
Is the mysql server, username and password public on a php website? (mysql_connect)
If i have a php script on my website like this for example:
<?php
mysql_connect("server","username","password");
mysql_select_db("commentbox");
$name=strip_tags($_POST['name']);
$comment=strip_tags($_POST['comment']);
$submit=strip_tags($_POST['submit']);
?>
will the "mysql_connect("server","username","password");" be public for everyone that views the source on that webpage?
Upvotes: 0
Views: 68
Answers (2)
Reputation: 871
If your Webserver is configured to interpret php, and you save the file with a corresponding extension (.php), your Webserver will parse everything enclosed in <?php ?> and nothing will be displayed to a user viewing the file via your Webserver unless you use a function to create output like echo).
Still, it is good practice to put files with sensitive data in a directory that is protected from web access (i.e. with a .htaccess file)
Upvotes: 0
Reputation: 1836
If you mean by "view the source", use a browser's "view source" feature, then no. As long as your server is configured to run PHP the code is never visible to the outside world, only the output of running your script.
Upvotes: 1
Related Questions
- is my database password exposed when I connect using php?
- Do I need to be concerned about password in mysql_connect in php?
- mysql connect - should username/password be hardcoded?
- PHP how to get mysql username and password from mysql_connect()
- What is the best way to keep your MySQL credentials private in PHP?
- mysql passwords Connecting to MySQL with PHP
- Secure MYSQL connection details
- How to safeguard my mysql_connect password (My database server's password)?
- PHP Username/Password Security