
Learning PHP connect script shows constants using httpfox


Hi, I'm reading a PHP textbook. Right now I'm learning how to connect to a DB using mysqli.

Here's some code from the script:

    DEFINE ('DB_USER', 'myname');
    DEFINE ('DB_PASSWORD', 'local123');
    DEFINE ('DB_HOST', 'localhost');
    DEFINE ('DB_NAME', 'sitename');

The script then uses mysqli to make a db connection.

A paragraph reads "Since the file contains information - the db access data that must be kept private, the script will use a .php extension because, even if malicious users ran the script in their browser, they would not see the content of the script."

I was curious and ran the script with httpfox open. Looks like the connection DOES show all the sensitive info if you click on the Content tab!

So using .php adds no security?


Solution

  • Make sure that the PHP code is enclosed in <?php and ?>. Code that is not enclosed in <?php and ?> is interpreted by PHP as output that should be sent to the browser, so you should do something like:

    <?php
    
    DEFINE ('DB_USER', 'myname');
    DEFINE ('DB_PASSWORD', 'local123');
    DEFINE ('DB_HOST', 'localhost');
    DEFINE ('DB_NAME', 'sitename');
    
    ?>
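
A way to check a file for this problem before deploying it, as an added example that is not part of the original question or answer: PHP's tokenizer marks everything outside the PHP tags as `T_INLINE_HTML`, which is exactly the text the server sends to the browser. The function name `find_inline_output` and the two sample strings are assumptions constructed for this example.

```php
<?php
// Added example: report any non-whitespace text in a PHP source that lies
// outside the PHP open/close tags, because PHP sends that text to the client.

/**
 * Return the chunks of $source that PHP would emit verbatim.
 * Each entry is ['line' => int, 'text' => string].
 * (Hypothetical helper name, not from the textbook or the answer.)
 */
function find_inline_output(string $source): array
{
    $leaks = [];
    foreach (token_get_all($source) as $token) {
        // Tokens are either single-character strings or [id, text, line].
        if (is_array($token) && $token[0] === T_INLINE_HTML
            && trim($token[1]) !== '') {
            $leaks[] = ['line' => $token[2], 'text' => trim($token[1])];
        }
    }
    return $leaks;
}

// Constructed samples mirroring the two versions of the script on this page.
$withoutTag = "DEFINE ('DB_USER', 'myname');\nDEFINE ('DB_PASSWORD', 'local123');\n";
$withTag    = "<?php\n\nDEFINE ('DB_USER', 'myname');\nDEFINE ('DB_PASSWORD', 'local123');\n\n?>\n";

foreach (['without open tag' => $withoutTag, 'with open tag' => $withTag] as $label => $src) {
    $leaks = find_inline_output($src);
    if ($leaks === []) {
        echo "$label: nothing outside PHP tags\n";
        continue;
    }
    foreach ($leaks as $leak) {
        // Report only position and size so the check never echoes secrets.
        printf("%s: %d bytes sent as output starting at line %d\n",
            $label, strlen($leak['text']), $leak['line']);
    }
}
```

To check a real file, pass `file_get_contents($path)` to the function; any reported chunk in a configuration file means its contents reach the browser.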