As we all know, one of the main objectives of technology and computing is comfort, and in this case we will work on convenience for us programmers.
Many times, the best security measure is to do everything possible to ensure that the visitor don't really know what you're doingThis way we will avoid all kinds of common vulnerabilities on the web. In this way, I suggest that you do not follow the guidelines that everyone follows when developing a web page, but that you yourself raise the different functions.
One of the most delicate parts of any web is the database, since all data that needs to be stored, in the vast majority of cases, will be stored in it. To access the database we need the following information:
- employee
- User
- Password
- Database name
Usually this information is attached in the same file that performs the function of connecting to the database:
<?php $link=mysql_connect("SERVIDOR", "USUARIO", "CONTRASEÑA"); mysql_select_db("BASE DE DATOS",$link) OR DIE ("Error: No es posible establecer la conexión"); mysql_set_charset('utf8'); ?>
However, as always, there is another way of doing things, we can store this very confidential data in a different file than the one that performs the function, and then limit the permissions to that file.
For this we will use the function rtrim, function for extract data from a common text file. The .txt should contain one data in each line, something like this:
And we would extract said data later, in the file that makes the connection:
<?php $datos='datos.txt'; $todos_los_datos=file($datos); $servidor=rtrim($todos_los_datos[0]); $usuario=rtrim($todos_los_datos[1]); $clave=rtrim($todos_los_datos[2]); $basededatos=rtrim($todos_los_datos[3]); $conectar=mysql_connect($servidor, $usuario, $clave); mysql_select_db($basededatos, $conectar); ?>