mysql密码用PHP连接到MySQL [英] mysql passwords Connecting to MySQL with PHP

问题描述

在使用PHP连接到MySQL的教程中，您会看到类似以下内容的内容.

In tutrorials for Connecting to MySQL with PHP you see something similar to the below.

$pdo = new PDO('mysql:host=localhost;dbname=mydb', 'myuser','mypassword');

我在本地主机上以这种方式进行连接，但是为了使其生效，您如何处理密码?您是否只是将其保留为纯文本格式(在php文件中)?还是有一种更安全的方式来处理此问题?

I have a connection working this way on my localhost but for putting it live what do you do about the password? Do you just leave it as plain text like that in your php file? Or is there a more secure way to handle this?

推荐答案

如果他们查看源代码，则没人会看到您的连接字符串，只能通过查看原始代码才能看到它.我还将它放在一个单独的文件中，并将该文件包含在您的页面中.如果您需要更改密码，这也很有帮助，因为您不必编辑使用连接的每个页面-您只需要编辑一个文件.

Nobody can see your connection string if they look at the source, it can only be seen by looking at your raw code. I would also have it inside a separate file, and include the file on your page. This also helps if you need to change the password, as you won't have to edit every page that uses a connection - you'll only need to edit the one file.

或者，您可以在包含文件中包含一个连接字符串，并将其放置在文档根目录之外.这样可以阻止人们使用浏览器或攻击您的FTP的方式访问此文件.这将 帮助 ，以保护您的纯文本密码，但如果有人可以访问您的本地目录，则仍然可以访问.为此，您可能需要配置一个PHP配置变量open_basedir，该变量允许您的脚本与root以外的文件进行对话.这完全取决于您是否有权访问根目录后面的文件夹，和，是否可以更改该配置变量.

Alternatively, you can have a connection string in an include file and place it outside of document root. This stops people getting to this file using a browser or if they attack your FTP. This will help security of your plain-text passwords, but is still accessible if somebody gets/has access to your local directories. To do this, you may need to configure a PHP configuration variable, open_basedir, which allows your script to talk to a file outside of root. This all depends on if you have access to a folder behind root of course, and if you can change that configuration variable.

除此之外，没有什么可以做的.

Other than that, there's not much that can be done.

包含文件示例:

创建一个名为conn.php的文件，并将您的连接存储在其中.

Create a file called conn.php and store your connection in there.

$dbConn = mysql_connect($host, $user, $pass);
mysql_select_db("dbName", $dbConn);

在需要连接的页面上，包含conn.php文件，如下所示:

On the page that needs the connection, include the conn.php file like so:

<?php
include("conn.php");
if (!dbConn) {
    die('Sorry, our database did not load. Please try again later.');
    exit();
}
$result = mysql_query("...");
?>

这篇关于mysql密码用PHP连接到MySQL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！