What are the potential consequences of displaying MySQL connection details in PHP code?
Displaying MySQL connection details in PHP code can pose a security risk as it exposes sensitive information such as usernames, passwords, and database names. This information can be easily accessed by malicious users, leading to potential unauthorized access to the database. To prevent this, it is recommended to store connection details in a separate configuration file outside of the web root directory.
// config.php file outside of web root directory
<?php
$servername = "localhost";
$username = "root";
$password = "password";
$dbname = "database_name";
?>
// index.php file in web root directory
<?php
include_once("../config.php");
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
?>
Related Questions
- What best practices should be followed when using PHP classes in a template system to ensure proper placement of content?
- Are there any security considerations to keep in mind when reading and processing external data in PHP?
- What steps can be taken to troubleshoot and resolve errors related to the mysql_num_rows() function in PHP when querying a database?