What are the best practices for handling database credentials in PHP scripts?

Storing database credentials directly in PHP scripts can pose a security risk as they can be easily accessed if the script is compromised. To mitigate this risk, it is recommended to store credentials in a separate configuration file outside of the web root directory and restrict access to it. This way, even if the PHP script is accessed, the credentials remain secure.

// config.php
&lt;?php
define(&#039;DB_HOST&#039;, &#039;localhost&#039;);
define(&#039;DB_USER&#039;, &#039;username&#039;);
define(&#039;DB_PASS&#039;, &#039;password&#039;);
define(&#039;DB_NAME&#039;, &#039;database_name&#039;);
```

```php
// database_connection.php
&lt;?php
require_once(&#039;config.php&#039;);

$conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

if ($conn-&gt;connect_error) {
    die(&quot;Connection failed: &quot; . $conn-&gt;connect_error);
}

Keywords

database credentials PHP scripts security environment variables encryption

What are the best practices for handling database credentials in PHP scripts?

Keywords

Related Questions