email si computing SI Computing
SI Logo 400 West Hall, si.computing@umich.edu
Checkout HowTos HelpDesk Faqs Contact
Resources Services Facilities Accounts SI Main
Home arrow How To's
How Tos
CD Burning
Data Burning
Audio Burning
Connector Conference Room
Online Searching
DIALOG on Mac
DIALOG on PC
Lexis-Nexis on Mac
Lexis-Nexis on PC
User Instructions
Monitor Instructions
Email
Folder Sizes
Installing Mulberry
Mulberry
Mulberry Filters
Pine
Pine Attachments
Deleting Pine Attachments
Vacation Message
Netscape Mail
Server-side Email Filtering
FTP
Fetch
SmartFTP
Internet
Wireless Networking
Connecting to Wireless
Telnet
Webpage Creation
U of M User Directory
iPod
iMovie
Meeting Maker Upgrade
download and configure
MySQL DB Server
MySQL/PHP Security
Transfer DB to new server
PDF
intro
creation
Novell
Changing your Novell Password
Printing
iprint
Adding Printers
Configuring Printers

PHP-MySQL Security

As far as security goes it might be a good idea to pull your password out of your script. This can be done fairly easily.

I would recommend creating a "data" directory with a 'data.php' file in it. The contents of data.php would be something like this: 

   <?php
    $username='jlockard';
    $password='my_password';
    $servername='sqldb.si.umich.edu';
   ?>

in the data directory you'd have a .htaccess file that contained: 

   <FILESMATCH "\.php$">
     order deny,allow
     deny from all
   </FILESMATCH>

Then, in your regular php scripts, you'd do something like this: 

   <?php
     include("data/data.php");
     $db = mysql_connect($servername, $username, $password) or die("Could not connect: " . mysql_error());
     mysql_select_db($username, $db);

     .... etc ...
   ?>

School of Information Computing • Room 400 • (734) 936-7255 • si.computing@umich.edu