I'm working on a small web project with a friend. It involves a lot of MySQL queries, so I've created a ConnectToDatabase() function that connects to the server and selects our database.
It looks something like this:
function ConnectToDatabase()
{
mysql_connect("db.myawesomehost.com", "Bob", "correcthorsebatterystaple");
mysql_query("USE BobDB;");
}
It feels really bad to hard-code our credentials like this. I can't think of any other way to handle it, though. Putting it in a constant doesn't really solve anything, and hiding it away in some text file just seems ridiculous.
Should I even care? How is this handled in large projects with tons of people?
Factor it out into a separate config file. For one, it'll let you at the very least set some variable like "DEBUG_MODE" that will switch out your production credentials for your test environment ones. You can optionally not keep the separate file under version control if you like, or keep one with dummy credentials in your code repository so that users have to supply their own credentials instead of having access to global ones.