| Re: Local vs. hosted connection [message #176975 is a reply to message #176973] |
Sat, 11 February 2012 19:46   |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
|
Senior Member |
|
|
On 2/11/2012 12:17 PM, Aulë wrote:
> Greetings, fine denizens. I've made significant progress in my project
> since my first post here some time ago, and I have a question related to
> a chunk of code I developed to simplify connection to my database.
> Locally, I need one set of parameters, but after uploading the pages to
> my web host, I need a different set of connection parameters. Initially,
> I simply edited the file after uploading it, but that got tiresome
> quickly, so I came up with the following, which sends the correct
> parameters based on the SERVER_NAME value:
>
> <?php
>
> // Define application constants.
> define('HOSTED', ($_SERVER['SERVER_NAME']=='localhost') ? false : true);
>
> // Open the database.
> $db = open_db(HOSTED);
> if ($db) {
> // Do stuff
> }
>
> function open_db($hosted = false) {
>
> // Define connection values.
> if ($hosted) {
> $host = (string) [url=mywebhost.com]mywebhost.com[/url];
> $user = (string) [url=mywebhost_username]mywebhost_username[/url];
> $pass = (string) [url=mywebhost_password]mywebhost_password[/url];
> $data = (string) [url=mywebhost_mysql_database]mywebhost_mysql_database[/url];
> $port = (int) [url=mywebhost_port]mywebhost_port[/url];
> } else {
> $host = "localhost";
> $user = (string) [url=localhost_usename]localhost_usename[/url];
> $pass = (string) [url=localhost_password]localhost_password[/url];
> $data = (string) [url=localhost_mysql_database]localhost_mysql_database[/url];
> $port = (int) [url=localhost_port]localhost_port[/url];
> }
>
> // Execute connection string.
> $db = mysqli_connect($host, $user, $pass, $data, $port);
>
> // Stop script if connection fails.
> if (mysqli_connect_errno()) {
> printf("Connection failed: %s\n", mysqli_connect_error());
> exit();
> } else {
> return($db);
> }
>
> }
> ?>
>
> The cast double brackets are simply placeholders I put here in this post
> to indicated where I have coded my actual parameters in the indicated
> type. (I left "localhost" as it is.)
>
> My question is this: is all this secure on the Web, or is there a way
> for someone to remotely acquire such stored connection parameters?
If it's outside the DOCUMENT_ROOT so no one can download it, it's
secure. Otherwise a server misconfiguration can expose you errors.
Why not just include a configuration file on both systems, each with the
appropriate settings? Much cleaner and less error prone.
BTW - unless you are the domain owner for mywebhost.com, you should not
be using their name. Instead, use example.com, example.org, etc., which
have been specifically reserved for such uses.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]