dou72260 2017-07-27 03:21
Views: 105
Accepted

Hiding the MySQL password in a PHP file

I have a PHP script that I use to run a query in mysql and export a file. I have the login credentials within the php file. It will be invoked by a user visiting the page and the file automatically downloads. I have read that you should write the credentials in another file and include it in the file. I don't know enough about php to know where to store this file securely and how to properly include it. I had a friend help me write the file.
The php script is as follows.

<?php
header("Access-Control-Allow-Origin: *");
$db_user = "user"; // replace with your mysql username
$db_pass = "password"; // replace with your mysql password
$db_source = "database"; // replace with your database name
$mysqli = mysqli_connect("localhost", $db_user, $db_pass, $db_source);

if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
} else {
    // place sql query between quotes for $sql -- do not end with ;
    $sql = " SQL Statement Here ";
    $res = mysqli_query($mysqli, $sql);
    $rows = array();
    if ($res) {
        while ($r = mysqli_fetch_assoc($res)) {
            $rows[] = $r;
        }
        // free the result set only when the query succeeded
        mysqli_free_result($res);
        // send the CSV only when there is no error text already in the output
        array_to_csv_download($rows);
    } else {
        printf("Could not retrieve records: %s\n", mysqli_error($mysqli));
    }

    mysqli_close($mysqli);
    unset($db_user, $db_pass, $db_source);
}

// Streams the rows to the browser as a CSV attachment.
function array_to_csv_download($array, $filename = "export.csv", $delimiter = ",") {
    header('Content-Type: application/csv');
    header('Content-Disposition: attachment; filename="' . $filename . '"');

    $f = fopen('php://output', 'w');

    foreach ($array as $line) {
        fputcsv($f, $line, $delimiter);
    }
    fclose($f);
}

?>

3 answers

  • drzk21632 2017-07-27 03:36
    When putting a PHP file on a properly set up server, the users will not be able to access the PHP source code. Therefore, if you trust the server, you can put the database credentials in the code without any problem.

    However, there are a few other problems that you might encounter relating to security:

    1. When you put a website on a server, you must ensure that this server is secure. Someone from the outside should not be able to read the PHP source files from the server. Depending on your hosting provider, the server might already be all secured for you, so you should not worry too much about that (as long as you keep to a minimum the number of people having access to the server).

    2. You're right that you need to put the credentials in an external file. However, this is not related to security on the server. It is useful when you are working on a project with multiple other programmers and you want to keep your database credentials private. Usually you want to store all the private data inside one file that you are not going to share with anyone else. For example, if you are using a version control system, such as git, you don't want to track this file and every programmer should have his own version of the file. This reduces the risk of sensitive information spreading.

    This answer was selected as the best answer by the asker.
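One way to do what the question asks (keep the credentials in a separate file and include it), as an added example that is not from either poster. The paths, the file name `db_config.php` and the function `load_db_config` are hypothetical, and a POSIX host is assumed for the permission check.

```php
<?php
// Added example, not from the original post. Assumed (hypothetical) layout:
//   /var/www/html/export.php        <- inside the document root, served to visitors
//   /var/www/private/db_config.php  <- outside the document root, listed in .gitignore
// db_config.php contains only:
//   <?php return ['host' => 'localhost', 'user' => '...', 'pass' => '...', 'name' => '...'];

// Load DB credentials from a PHP file that returns an array.
// Refuses a file that is inside the document root or readable by every local user.
function load_db_config(string $path, string $docroot): array
{
    $real = realpath($path);
    if ($real === false || !is_file($real)) {
        throw new RuntimeException('credentials file not found');
    }
    $root = rtrim(realpath($docroot) ?: $docroot, '/') . '/';
    if (strpos($real, $root) === 0) {
        throw new RuntimeException('credentials file must live outside the document root');
    }
    if ((fileperms($real) & 0004) !== 0) {
        throw new RuntimeException('credentials file is world-readable (use chmod 640)');
    }
    $cfg = require $real;
    foreach (['host', 'user', 'pass', 'name'] as $key) {
        if (!is_array($cfg) || !isset($cfg[$key])) {
            throw new RuntimeException("credentials file is missing '$key'");
        }
    }
    return $cfg;
}

// In export.php, replacing the hard-coded $db_user / $db_pass / $db_source:
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on failure
try {
    $cfg = load_db_config(__DIR__ . '/../private/db_config.php', $_SERVER['DOCUMENT_ROOT']);
    $mysqli = mysqli_connect($cfg['host'], $cfg['user'], $cfg['pass'], $cfg['name']);
} catch (RuntimeException $e) { // mysqli_sql_exception extends RuntimeException
    error_log('export.php: ' . $e->getMessage()); // log it, do not echo it to the visitor
    http_response_code(500);
    exit;
}
```

Because the file sits outside the document root, a misconfigured server that serves `.php` files as plain text still cannot hand it to a visitor, and keeping it out of version control matches the point made in the accepted answer.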
