How to store MySQL data safely?

Question

Possible Duplicate:
What is the best way to keep your MySQL credentials private in PHP?

I have a website with lots of .php files that connect to mysql database, and they run under different domains, so I have a mysql_data.php file (with different values for each domain) like:

define("MYSQL_HOST","localhost");
define("MYSQL_USERNAME","root");
define("MYSQL_PASSWORD","etc");

and then the other .php files use this info like:

require_once("mysql_data.php");

$mysql_host = MYSQL_HOST;
$mysql_database = MYSQL_DATABASE;
$mysql_user = MYSQL_USERNAME;
$mysql_password = MYSQL_PASSWORD;

$connection = @mysql_connect($mysql_host, $mysql_user, $mysql_password) or die(mysql_error());
$db = @mysql_select_db($mysql_database, $connection) or die(mysql_error());

This works fine, except regarding security. One can easily access this mysql_data.php file (I guess). So what would be a safer way to store this data? Thanks!

Do users have to log in to use the site? If so you can use $_SESSION variables to validate login names. — davepmiller, Oct 21 '12 at 20:56

score 0 · Answer 1 · answered Oct 21 '12 at 21:03

Don't use MySQL root account for web application.
If you have PHP installed correctly and there are no security issues on server - there is no way to get PHP file content from outside.
Go to The New Boston website and watch some tutorial videos about php and mysql.

How to store MySQL data safely?

1 Answers1