有没有办法隐藏所有数据库信息,如密码、用户名等?

2022-01-22 00:00:00 passwords php mysql host

我正在创建几个 php 脚本.我必须始终为同一个数据库和表的每个脚本插入主机、用户名、密码等吗?有没有办法只用一行或其他方式进行参考?有没有办法隐藏这些信息?

I'm creating several php scripts. Must I always insert the host, username, password, etc. for every script for the same database and table? Is there a way to make reference with only one line or some other way? Is there anyway to hide this info?

$host="XXXXXXXXX";
$username="XXXXX";
$password="XXXXX";
$db_name="XXXXXX";
$tbl_name="XXXXX";
mysql_connect("$host", "$username", "$password") or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

推荐答案

虽然 PHP 文件被执行,因此源代码在网络上是不可见的,但意外的错误配置可能会改变这一点.您可以将数据库配置放在一个单独的文件中在 wbeserver 的文档根目录之外,然后使用 PHP 的 require 命令将其包含在其他脚本中.

While PHP files are executed and thus the source code is not visible from the web, an accidental misconfiguration could change this. You could put the DB configuration in a separate file outside the wbeserver's document root directory and use PHP's require command to include it in the other scripts.

但是,根据 PHP 配置,PHP 脚本可能无法访问 docroot 之外的文件,但有一些方法可以解决这个问题.这个 SO question 详细讨论了这些问题

However, depending on the PHP configuration, files outside the docroot may not be accessible to PHP scripts, but there are ways around this. This SO question discusses these issues in detail

相关文章