Hello,
Is using an .ini file to save database connection data bad practice?
It is not a question of good practice or bad practice; it is a matter of knowing what you are doing. For example, in Laravel the main database password is in .env (this file is basically an .ini format, it only uses a custom extension):
But the folder where the data is stored is not available via HTTP (access via the site URL), because the addresses are pointed to inside the folder ./public
Of course there are programmers (pseudo-programmers) who do not understand the logic of the Laravel folder structure and put everything inside public_html or www on the hosting and create an .htaccess without having much understanding of it, which can sometimes end up allowing access to .env via the URL http://site/.env
Now, if you know what you're doing and your .ini will be isolated in a place that only scripts and the administrator will be able to access, there would be no problem at all.
Of course you can also choose to create a .php with define, for example:
You have a file named config.php with this content:
<?php
define('DB_HOST', '12*.***.***');
define('DB_USER', 'foo');
define('DB_PASS', 'bar');
define('DB_MAIN', 'banco');
So it should be included in all major scripts with:
<?php
require_once 'config.php';
...
In mysql I would use something like (just an approximate example):
$link = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_MAIN);
PDO (just an approximate example):
$dbh = new PDO('mysql:host=' . DB_HOST . ';dbname=' . DB_MAIN, DB_USER, DB_PASS);
So if the user accesses it via the URL http://site/config.php, only a blank page will be visible.
One important thing to do is to always turn off errors in the output and keep them only in the log, setting in php.ini:
display_errors=off
This is because some debuggers, such as those in Laravel and other frameworks, can display parts of the code. In fact, it is a bad mistake to turn on debuggers in production (on your hosting server); debuggers should be used only in secure environments, such as on your own machine.
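
Added example, not part of the original answer: one way to load the connection data from an .ini file while enforcing the two points made above, that the file sits outside the folder served over HTTP and that connection errors go to the log rather than the page. The `../private/db.ini` location, the `host`/`user`/`pass`/`name` keys and the `load_db_config` helper are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);
// Added example: file locations and the host/user/pass/name keys are assumptions.

// Load DB settings from an .ini file, refusing one that could be fetched by URL.
function load_db_config(string $iniPath, string $docRoot): array
{
    $ini  = realpath($iniPath);
    $root = realpath($docRoot);
    if ($ini === false || $root === false) {
        throw new RuntimeException('Config file or document root not found');
    }
    // Compare resolved paths with a trailing separator, so that
    // /var/www/public-old is not mistaken for being inside /var/www/public.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($ini, $prefix, strlen($prefix)) === 0) {
        throw new RuntimeException('Config file is inside the document root');
    }
    // INI_SCANNER_RAW leaves option values unparsed, so a value such as
    // "on" or "null" stays the literal string instead of being converted.
    $cfg = parse_ini_file($ini, false, INI_SCANNER_RAW);
    if ($cfg === false) {
        throw new RuntimeException('Config file could not be parsed');
    }
    foreach (['host', 'user', 'pass', 'name'] as $key) {
        if (!isset($cfg[$key])) {
            throw new RuntimeException("Missing setting: $key");
        }
    }
    return $cfg;
}

try {
    // Assumed layout: this script lives in ./public, the .ini one level above it.
    $cfg = load_db_config(__DIR__ . '/../private/db.ini', __DIR__);
    $dbh = new PDO(
        sprintf('mysql:host=%s;dbname=%s;charset=utf8mb4', $cfg['host'], $cfg['name']),
        $cfg['user'],
        $cfg['pass'],
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
    );
} catch (Throwable $e) {
    // Details go to the server log only; the visitor gets a generic message.
    error_log('DB bootstrap failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Service temporarily unavailable.');
}
```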