What potential security risks are present in the provided PHP script, especially in terms of hardcoding sensitive information like database credentials?
The potential security risk in the provided PHP script is the hardcoding of sensitive information like database credentials directly in the code. This makes it easier for attackers to access and misuse this information if they gain unauthorized access to the codebase. To mitigate this risk, it's recommended to store sensitive information like database credentials in environment variables or configuration files outside of the web root.
// Retrieve sensitive information from environment variables or configuration file
$db_host = getenv('DB_HOST');
$db_name = getenv('DB_NAME');
$db_user = getenv('DB_USER');
$db_pass = getenv('DB_PASS');
// Connect to the database using retrieved credentials
$connection = new mysqli($db_host, $db_user, $db_pass, $db_name);
// Check connection
if ($connection->connect_error) {
die("Connection failed: " . $connection->connect_error);
}
Keywords
Related Questions
- What common syntax errors can occur when writing PHP code?
- In what ways can the SUM() function in SQL be utilized to calculate the total number of draws and losses in a PHP War module?
- Are there any specific coding conventions or syntax rules to keep in mind when combining PHP and HTML for link generation?