Reputation: 310
MySQLi connection with variables in config.php
I am creating a database connection class, that will access the variables or constants defined in the config.php. However, if I am going to create a theme and a plugin engine, how would I only allow the MySQLi connection class to access the config without allowing plugins/themes accessing the information breaching the security of the website & users.
Previously, I just defined host, username, password, and database as constants in the config, then included the config inside a file that included all of the core website files, such as the core functions file, database connection, etc - I believe this is how popular CMS's such as Wordpress, etc, does it? If not please correct me.
If I include the config inside the database class, but then include the database class inside the website, the config can be accessed by custom code inside the themes and plugins - which MUST NOT happen.
How would I go about doing this? I cannot think of any other way.
Thanks, Kieron
Upvotes: 1
Views: 577
Answers (1)
Reputation: 57729
how would I only allow the MySQLi connection class to access the config
You don't. Instead you should give your MySQLi wrapper class all the settings it needs. ie:
class MySQLiWrapper {
public function __construct($server, $username, $password, $database) {..}
}
As for internal security. PHP code has no sandboxing, any script can do an fopen on any file and read it's contents. Think about how you want to approach security.
Upvotes: 2
Related Questions
- Monad in plain English? (For the OOP programmer with no FP background)
- Including Config file in connection file not working
- Creating a globally accessible MySQLi object
- MySQLi OOP Class Insert Function Not Working
- error on mysqli multiple connection via class
- why does not PHP include work?
- Using PHP's mysqli connection as an object for other classes
- PHP Class DB Connections