Im trying to set-up my PHP SQL Scripts as secure as possible. I went through various posts here, especially this post.
Here it is recommended to put the config files for the PHP scripts outside of the webaccessible space.
The question: How to access a folder within the script, which is beyond the webaccessible folder structure. And herewith I mean outside of the domain-webspace-directory, by which the script is called?
My PHP Script imports the config via:
require_once __DIR__ . $_SERVER['DOCUMENT_ROOT']."/apis/CONFIG/abc-app/file_CONFIG.php";
The script is called via the app-abc through subdomain
https://api.mysubdomain.ru/abc-app/get_all_SQL_data.php
Regarding the webserver folder structure, the above file is located here:
/www/htdocs/webhosteraccountid/apis/apis/abc-app/get_all_SQL_data.php
Whereas when I access my webspace via FTP on the highest accessible level, I am at
//apis/apis/abc-app/get_all_SQL_data.php
So /api/ is a first level folder.
My subdomain refers to the folder
/www/htdocs/webhosteraccountid/apis/apis/
Now back to my script. When I use
$_SERVER['DOCUMENT_ROOT']
I get
/www/htdocs/webhosteraccountid/apis/apis/
So my script always fails, since I never get on a higher folder level than the one accessed by the subdomain. Respetively I never get the true server root directory, only the root of the subdomain.
Therefore the folder in which my config is, appears to be located beyond the DOCUMENT_ROOT. But how to define a path to such a file? Is this possible? But if not, what is then meant by placing the file into a non-webaccessible folder?
Thanks for hints.
