douzhuo1858 2013-02-08 10:00

The right way to create a config.php

At the moment I am placing my config.php file in the include folder on my Apache Server, which gives me easy access to the file, with having to write a directory path. I assume this is a good idea since it is secure and not reachable from outside the public root folder.

I was never told how to create the config.php file so I improvised, but it seems to me that it may have been done the wrong way.. (not that secure now). Then I began to search for tutorials on how to build these config files the right way, but each and every tutorial had their own way to do it.. Some did it by using arrays.. some did it by defining the configuration variables.. others by using a class.. There may not be a right way, but I want a secure and very functional system to work, and I don't really care how advanced it is going to be..

This is my current config file.. you should easily see that it is not that secure in any way, cause anybody might just be able to echo the variables and then read the connection.

<?php
$main_host = 'db01.server.local'; // There may be db02, db03 etc.
$main_psw = '********';
$main_host_end = '.server.local'; // makes it possible for me to connect to a different datastore only knowing the subdomain.

// ***    USERS    *** //
$w_user = 'w_user';
$xr_user = 'xr_user';
$r_user = 'r_user';
$w_server = 'w_server';
$w_db_admin = 'dbw_admin';

// ***    DATABASES    *** //
$db_accounts = 'accounts';
$db_server = 'server_setup';

// ***    DB ACCOUNTS    *** //
try {
    $w_accounts = new PDO("mysql:host=$main_host;dbname=$db_accounts", $w_user, $main_psw);
    $w_accounts->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch(PDOException $e) {
    echo 'ERROR: ' . $e->getMessage();
}

try {
    $r_accounts = new PDO("mysql:host=$main_host;dbname=$db_accounts", $r_user, $main_psw);
    $r_accounts->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch(PDOException $e) {
    echo 'ERROR: ' . $e->getMessage();
}

// ***    DB SERVER SETUP    *** //
try {
    $w_server = new PDO("mysql:host=$main_host;dbname=$db_server", $w_user, $main_psw);
    $w_server->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch(PDOException $e) {
    echo 'ERROR: ' . $e->getMessage();
}

try {
    $r_server = new PDO("mysql:host=$main_host;dbname=$db_server", $r_user, $main_psw);
    $r_server->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch(PDOException $e) {
    echo 'ERROR: ' . $e->getMessage();
}


?>

So.. to ask the question directly. What is the right way to create a config.php file? I really also hope that other people will find this useful to know.

EDIT I also should mention that this might not be all.. I may have further connections to make.. not only the accounts and server_setup

2 answers

  • dongsiju1941 2013-02-08 10:17

    First, never ever echo exception messages in production; instead put them into a readable logfile.

    If you look at many MVC frameworks, their PHP config files only consist of an array that is returned at the end of the file.

    Limiting access to these config files can be done via .htaccess with "Deny from all".
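
The array-style config and the log-instead-of-echo advice from the answer above, applied to the question's four connections; this is an added example, not code from the thread. The `DB_PASSWORD` environment variable and the `db()` helper are hypothetical; host, user and database names are taken from the question.

```php
<?php
declare(strict_types=1);

// In a real layout this array is the whole of config.php ("return [ ... ];"):
// data only, no connections. DB_PASSWORD is a hypothetical environment variable.
$config = [
    'host_suffix' => '.server.local',
    'password'    => getenv('DB_PASSWORD') ?: '',
    'connections' => [
        'accounts_write' => ['host' => 'db01', 'db' => 'accounts',     'user' => 'w_user'],
        'accounts_read'  => ['host' => 'db01', 'db' => 'accounts',     'user' => 'r_user'],
        'server_write'   => ['host' => 'db01', 'db' => 'server_setup', 'user' => 'w_user'],
        'server_read'    => ['host' => 'db01', 'db' => 'server_setup', 'user' => 'r_user'],
    ],
];

// db() is a hypothetical helper: opens a named connection on first use, then reuses it.
function db(array $config, string $name): PDO
{
    static $open = [];
    if (isset($open[$name])) {
        return $open[$name];
    }
    if (!isset($config['connections'][$name])) {
        throw new InvalidArgumentException("Unknown connection: $name");
    }
    $c   = $config['connections'][$name];
    $dsn = sprintf('mysql:host=%s%s;dbname=%s;charset=utf8mb4', $c['host'], $config['host_suffix'], $c['db']);
    try {
        return $open[$name] = new PDO($dsn, $c['user'], $config['password'], [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        ]);
    } catch (PDOException $e) {
        // Detail goes to the server error log. The original exception is not
        // chained, so its trace (which can carry credentials) never reaches output.
        error_log("DB connect failed [$name]: " . $e->getMessage());
        throw new RuntimeException('Database unavailable');
    }
}

// Usage: only the connection a request actually needs is opened.
try {
    $count = db($config, 'accounts_read')->query('SELECT 1')->fetchColumn();
} catch (RuntimeException $e) {
    http_response_code(503);
    echo 'Service temporarily unavailable';
}
```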
