[Wolves] PHP/MySQL help please

Simon Morris simon.morris at cmtww.com
Mon Jul 25 17:26:12 BST 2005 

On Mon, 2005-07-25 at 16:14 +0100, Peter Cannon wrote:
> On Monday 25 July 2005 15:36, Simon Morris wrote:
> 
> This might be a blind alley as I'm relating this from memory seeing as
> the
> Suse box is at home.
> 
> > So really you shouldn't be able to call mysql_connect.inc in a web
> > browser.. you should get a 404 error rather than a blank page ;)

Well without seeing the contents of the file it's hard for me to say :)

either 

a) the mysql_connect.inc contains about 4 or 5 lines that simply has the
SQL connection statement in or 


b) there is a lot more code there that handles the logon process for the
application you've written.

I think by normal conventions it should be a)

For example I googled for the filename and came up with this

http://www.gridpp.rl.ac.uk/viewcvs/viewcvs.cgi/*checkout*/yumit/www/mysql_connect.inc?rev=1.3

<?php

  $configfile = '/etc/yumit/yumit-server.conf' ;
  $iniarray = parse_ini_file($configfile)
    or trigger_error("Unable to read $configfile, does it have the correct permissions?") ;

  $dbhost   = $iniarray['hostname'] ;
  $dbname   = $iniarray['dbname'] ;
  $user     = $iniarray['username'] ;
  $password = $iniarray['password'] ;

# There is an inventory plugin that provides advanced features to Yumit.
# It is turned of by default. Contact R.F.C.Wartel at rl.ac.uk.
  $inventory_module = 0;

# There is also an additional security plugin. Contact R.F.C.Wartel at rl.ac.uk.  
  $security = $iniarray['activated'] ;

  mysql_pconnect($dbhost,$user,$password) 
   or trigger_error("Unable to open db connections", E_USER_ERROR) ;
  mysql_select_db($dbname) 
   or trigger_error("Unable to select db ", E_USER_ERROR) ;

  # Get the title string while we are in this area.
  $titlestring = $iniarray['title'] ;

?>

No idea what the software does but the idea is that you setup your MySQL connection in the $variables at the top and
then use a mysql_pconnect() statement to connect at the bottom.

you could even shorten it down to a single line with a mysql_connect() statement

This file contains sensitive information and you shouldn't be able to get to it over a HTTP connection hence you store
it somewhere safe.

In your main PHP code you can call it with 

include "/path/to/a/safer/place/mysql_connect.inc";

:)

~sm

More information about the Wolves mailing list