How can sensitive information, such as database passwords, be securely stored and accessed by a PHP script?

Sensitive information, such as database passwords, should never be hard-coded directly into PHP scripts as it poses a security risk. Instead, a common practice is to store these sensitive details in a separate configuration file outside of the web root directory. This file should be included in the PHP script to access the credentials securely.

// config.php
&lt;?php
define(&#039;DB_HOST&#039;, &#039;localhost&#039;);
define(&#039;DB_USER&#039;, &#039;username&#039;);
define(&#039;DB_PASS&#039;, &#039;password&#039;);
define(&#039;DB_NAME&#039;, &#039;database_name&#039;);
?&gt;

// script.php
&lt;?php
require_once(&#039;config.php&#039;);

$connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

if ($connection-&gt;connect_error) {
    die(&quot;Connection failed: &quot; . $connection-&gt;connect_error);
}

echo &quot;Connected successfully&quot;;
?&gt;

Keywords

encryption secure storage environment variables password hashing access control

How can sensitive information, such as database passwords, be securely stored and accessed by a PHP script?

Keywords

Related Questions