doubu5035 2016-03-03 18:15 Acceptance rate: 100%

Connecting MySQLi with the variables in config.php

I am creating a database connection class that will access the variables or constants defined in the config.php. However, if I am going to create a theme and a plugin engine, how would I only allow the MySQLi connection class to access the config without allowing plugins/themes to access the information, breaching the security of the website & users?

Previously, I just defined host, username, password, and database as constants in the config, then included the config inside a file that included all of the core website files, such as the core functions file, database connection, etc. - I believe this is how popular CMSs such as WordPress, etc., do it? If not, please correct me.

If I include the config inside the database class, but then include the database class inside the website, the config can be accessed by custom code inside the themes and plugins - which MUST NOT happen.

How would I go about doing this? I cannot think of any other way.

Thanks, Kieron

1 answer

  • duanbenzan4050 2016-03-03 18:22

    how would I only allow the MySQLi connection class to access the config

    You don't. Instead, you should give your MySQLi wrapper class all the settings it needs, i.e.:

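    class MySQLiWrapper {
        // The caller passes the settings in; the class never reads config.php itself.
        public function __construct($server, $username, $password, $database) {
            // ... open the connection with the supplied settings ...
        }
    }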
    

    As for internal security: PHP code has no sandboxing; any script can do an fopen on any file and read its contents. Think about how you want to approach security.

    This answer was selected by the asker as the best answer.
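An added example, not part of the original answer: it wires the constructor-injection approach above into a small bootstrap and then checks, from hypothetical plugin code, what that does and does not hide. The file name `example_config.php`, the functions `bootDatabase()` and `pluginProbe()`, the constant name `DB_PASSWORD`, and a config file that returns an array instead of defining constants are all assumptions made for illustration.

```php
<?php
// Constructed sample standing in for config.php: it RETURNS the settings
// instead of define()-ing global constants.
$configPath = sys_get_temp_dir() . '/example_config.php';
file_put_contents($configPath,
    "<?php return ['host' => 'localhost', 'user' => 'app', 'pass' => 'constructed-secret', 'db' => 'site'];");

final class MySQLiWrapper {
    private $settings;      // private: not visible to code outside the class
    private $link = null;

    public function __construct($server, $username, $password, $database) {
        $this->settings = [$server, $username, $password, $database];
    }

    // Connects lazily, so this example runs without a database server.
    public function connection() {
        if ($this->link === null) {
            $this->link = new mysqli(...$this->settings);
        }
        return $this->link;
    }
}

// Bootstrap: the settings live only in this function's local scope.
function bootDatabase($configPath) {
    $c = require $configPath;
    return new MySQLiWrapper($c['host'], $c['user'], $c['pass'], $c['db']);
}

// Hypothetical plugin code, running after bootstrap in the same PHP process.
function pluginProbe($db, $configPath) {
    return [
        // Were the credentials exposed as a global constant or variable?
        'constant_defined' => defined('DB_PASSWORD'),
        'global_config'    => isset($GLOBALS['c']),
        // Properties of the wrapper that are reachable from outside the class.
        'public_props'     => get_object_vars($db),
        // The limit the answer points out: the file itself is still readable.
        'file_readable'    => strpos(file_get_contents($configPath), 'constructed-secret') !== false,
    ];
}

$db = bootDatabase($configPath);
var_dump(pluginProbe($db, $configPath));
unlink($configPath);
```

Injection keeps the credentials out of constants, globals and public properties, but the plugin runs in the same process with the same file permissions, so the last check is the one the answer's closing paragraph is about.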
