Connecting to the database for Ajax Search... Making it safe.

[ultimate_zc]

I'm working on an Ajax Search plugin. As of right now I have search.php file which I'm uploading to the root level of the server. In order for the plugin to work, I need to connect to the database therefore I'm adding the settings for sever, user, database name and database password from configure.php.

Thus far it works either of the following two ways

I just add:

PHP Code:

include('includes/configure.php'); 


or add :

PHP Code:

define('DB_SERVER', 'localhost');
define('DB_SERVER_USERNAME', 'root');
define('DB_SERVER_PASSWORD', 'root');
define('DB_DATABASE', 'database'); 


The ideal would be to use the first example since there would be no need to modify the file but regardless, I'm concerned about exposing any settings that could compromise the safety of the website.

How can I make this file safe from intrusion other than just setting the permissions to read only?

Is either of these examples above safer than the other?

Thanks for any advice.

[rbarbour]

I'm working on an Ajax Search plugin. As of right now I have search.php file which I'm uploading to the root level of the server. In order for the plugin to work, I need to connect to the database therefore I'm adding the settings for sever, user, database name and database password from configure.php.

Thus far it works either of the following two ways

I just add:

PHP Code:

include('includes/configure.php'); 


or add :

PHP Code:

define('DB_SERVER', 'localhost');
define('DB_SERVER_USERNAME', 'root');
define('DB_SERVER_PASSWORD', 'root');
define('DB_DATABASE', 'database'); 


The ideal would be to use the first example since there would be no need to modify the file but regardless, I'm concerned about exposing any settings that could compromise the safety of the website.

How can I make this file safe from intrusion other than just setting the permissions to read only?

Is either of these examples above safer than the other?

Thanks for any advice.

I always use

require('includes/application_top.php');

// whatever code

require('includes/application_bottom.php');

[ultimate_zc]

That works pretty good too, thanks.

Is it safe? Should I move that file into a folder along with an index.html? I think that just by setting the file to read only should work but I'm hoping to hear a better suggestion.

[rbarbour]

That works pretty good too, thanks.

Is it safe? Should I move that file into a folder along with an index.html? I think that just by setting the file to read only should work but I'm hoping to hear a better suggestion.

check these out:
http://www.zen-cart.com/docs/phpdoc-...n_top.php.html

http://www.zen-cart.com/wiki/index.p...als#InitSystem

[ultimate_zc]

Can't thank you enough.

Happy Holidays!

[rbarbour]

Can't thank you enough.

Happy Holidays!

Happy Holidays to you!