dongtan3306 2014-11-19 22:21
浏览 18
已采纳

如何避免在每个php页面上包含登录凭据,将凭据存储在单个页面中并调整代码以匹配调整

I have the following code to do a simple image upload and store a few data, however I want to remove the section(s) of the code that have the direct database username password and host, with a simple include("config.php") in the heading. So what I am asking apart from the include("config.php") line how would I make adjustments to the code example:$conn = $db->prepare($query); an so on

<?php

include("config.php");
define('UPLOAD_PATH', $_SERVER['DOCUMENT_ROOT'] . 'photohandling/uploads/');
define('DISPLAY_PATH', '/photohandling/uploads/');
define('MAX_FILE_SIZE', 2000000);
$permitted = array('image/jpeg', 'image/pjpeg', 'image/png', 'image/gif','image/tiff');
$dames2=time();

$db_host = 'localhost';
$db_user = 'root';
$db_pass = 'password';
$db_name = 'test';

if (!empty($_POST)){

    $fileName = $_FILES['userfile']['name'];
    $tmpName = $_FILES['userfile']['tmp_name'];
    $fileSize = $_FILES['userfile']['size'];
    $fileType = $_FILES['userfile']['type'];

$fname=$_POST['fname'];
$lname=$_POST['lname'];
$age=$_POST['age'];
$acquirer_bin=$_POST['acquirer_bin'];
$terminal_id=$_POST['terminal_id'];
$trace_id=$_POST['trace_id'];




    // get the file extension 
    $ext = substr(strrchr($fileName, "."), 1);
    // generate the random file name
    $randName = md5(rand() * time());

    // image name with extension
    $myfile = $acquirer_bin.$trace_id.$dames2.$randName . '.' . $ext;
    // save image path
    $path = UPLOAD_PATH . $myfile;


    if (in_array($fileType, $permitted) && $fileSize > 0 && $fileSize <= MAX_FILE_SIZE) {
        //store image to the upload directory
        $result = move_uploaded_file($tmpName, $path);

        if (!$result) {
            echo "Error uploading image file";
            exit;
        } else {
            $db = new mysqli("localhost", "root", "hynes21", "test");

            if (mysqli_connect_errno()) {
                printf("Connect failed: %s<br/>", mysqli_connect_error());
            }

            $query =
              "INSERT INTO tester(fname,lname,age, acquirer_bin, terminal_id, trace_id,photo_name, size, type, file_path) VALUES(?,?,?,?,?,?,?,?,?,?)";
            $conn = $db->prepare($query);
            if ($conn == TRUE) {
                $conn->bind_param("ssiisisiss",$fname,$lname,$age,$acquirer_bin,$terminal_id,$trace_id, $myfile, $fileSize, $fileType, $path);
                if (!$conn->execute()) {
                    echo 'error insert';
                } else {
                    echo 'Success!<br/>';
                    echo '<img src="' . DISPLAY_PATH . $myfile . '"/>';
                }
            } else {
                die("Error preparing Statement");
            }
        }
    } else {
        echo 'error upload file';
    }
} else {
    echo 'error';
}


?>
  • 写回答

3条回答 默认 最新

  • dongshengyin0147 2014-11-19 22:37
    关注

    You really shouldn't define database credentials in code. A solid why to do this is to use a configuration file. PHP provides a built in function called parse_ini_file that is perfect for retrieving data from config files (in a certain format ofc).

    Here is an example of a ini file that can be parsed by parse_ini_file [docs]

    [db]
host = localhost
user = root
pass = password
database = test

    As you can see the format of the file is very similar to the php.ini file.

    Keep this db.ini file in a place that is not accessible by the web server but can be read by PHP.

    Here is a function that can utilize the data in the ini file and create a new mysqli object for you.

    // somefile.php
function new_db() {
    $info = parse_ini_file('db.ini', true);
    return new mysqli($info['db']['host'], 
                      $info['db']['user'],
                      $info['db']['pass'], 
                      $info['db']['database']);
}

    To use your new_db function. 

    require_once 'somefile.php';
$db = new_db();
$stmt = $db->prepare($query);
// ...
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥30 这是哪个作者做的宝宝起名网站
  • ¥60 版本过低apk如何修改可以兼容新的安卓系统
  • ¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
  • ¥50 有数据,怎么建立模型求影响全要素生产率的因素
  • ¥50 有数据,怎么用matlab求全要素生产率
  • ¥15 TI的insta-spin例程
  • ¥15 完成下列问题完成下列问题
  • ¥15 C#算法问题, 不知道怎么处理这个数据的转换
  • ¥15 YoloV5 第三方库的版本对照问题
  • ¥15 请完成下列相关问题!