Safety PHP+MYSQL+Apache

We have a PHP script that talks to a MySQL database. If we put, conditionally speaking, the MySQL root account into the script, can we count on the safety of its actions against the database (that the operations written are adequate and unambiguous)? Can we count on the password being stored safely in a PHP script?


1) It is better to create one more user in MySQL and restrict its rights.

2) All connections to the database from PHP should go through so-called configuration files. More detail on this follows.

So, for access to MySQL from PHP we create additional (configuration) files, setup.php and config.php.


file setup.php



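<?php
// Connection settings, kept apart from the code that uses them.
$dbname = "dbname";
$dbuser = "dbuser";          // the restricted MySQL user from point 1, not root
$dbpass = "dbuserpass";
$dbserver = "dbserver";
$adminmail = "tvoe@mylo";    // placeholder: your e-mail address
?>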


Next we create the file config.php

file config.php



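<?php
// Uses the legacy mysql_* extension, which was removed in PHP 7.0.

// Print the failing call with the MySQL error number and text, then stop.
function db_err ($handle, $message) {
    // After a failed mysql_connect () there is no link to pass, so ask for the last error.
    $errno = $handle ? mysql_errno ($handle) : mysql_errno ();
    $error = $handle ? mysql_error ($handle) : mysql_error ();
    printf ("%s: %d: %s\n", $message, $errno, $error);
    die ();
}

// Connect with the settings from setup.php and select the database.
function db_connect () {
    global $dbname, $dbuser, $dbpass, $dbserver;
    $dbh = mysql_connect ($dbserver, $dbuser, $dbpass);
    if (! $dbh) {db_err ($dbh, "mysql_connect");}
    $res = mysql_select_db ($dbname, $dbh);
    if (! $res) {db_err ($dbh, "mysql_select_db");}
    return ($dbh);
}
?>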


Then we move these files outside the web server's document tree, and finally we include them in the files where we will work with the database.



<?php
// vash_put` stands for your own path to the directory holding the two files
require ("vash_put`/setup.php");
require ("vash_put`/config.php");
?>


And in the end we get tidy and quite safe code.



$dbc = db_connect ();
$query = " select................. ";
$result = mysql_query ($query, $dbc);



--------------------------------------------------------------------------------


How to protect /etc/passwd from viewing?

phpclub


In the Apache server configuration file, in the context of the corresponding <Directory> directive (or in .htaccess), specify:

php_admin_value open_basedir /home/null/www/htdocs
php_admin_value doc_root /home/null/www/htdocs


--------------------------------------------------------------------------------


Includes (.inc)

It is often necessary to keep data and functions that are used everywhere in separate files, and then pull them in with include[_once]/require[_once].

But these files are usually not parsed by the server, i.e. they can be viewed in a browser, and we want to avoid that. Giving such files the .php extension is not quite right either: they can then be called through a browser, and although we will not see their contents, PHP errors will almost certainly start to surface, since the code inside such files is usually written to run in a particular environment (an open database connection, files being read, particular constants or variables being set).

There are two solutions, essentially similar:

1. Place all .inc files outside Apache's document_root.

2. Write an .htaccess that forbids access to all files with certain extensions.


Example.



<FilesMatch "\.(inc|sql|...other extensions...)$">
Order deny,allow
# Forbid access from everywhere
Deny from all
# Allow access from your IP (if it is static, of course)
Allow from <your ip>
</FilesMatch>
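
A check for both points above (configuration files moved out of the document root, no browsable .inc/.sql files left in it), as an added example that is not part of the original page. The function names, the EXPOSED/CREDS labels and the sample tree are assumptions made here, and the sample files are constructed.

```sh
#!/bin/sh
# Added example, not from the original page. Flags two things under a document root:
#   EXPOSED  files whose extension Apache would serve as plain text
#   CREDS    PHP/include files that assign $dbpass (the variable name used in
#            the page's setup.php), i.e. credentials still inside the web tree
# Usage: audit_docroot DOCROOT ["ext1 ext2 ..."]   (default extensions: inc sql)
# Returns 0 if clean, 1 if anything was found, 2 on a bad argument.
audit_docroot() {
    docroot=$1
    exts=${2:-"inc sql"}
    if [ ! -d "$docroot" ]; then
        echo "audit_docroot: not a directory: $docroot" >&2
        return 2
    fi
    # Build the find expression: -name '*.inc' -o -name '*.sql' ...
    set --
    for ext in $exts; do
        if [ $# -gt 0 ]; then set -- "$@" -o; fi
        set -- "$@" -name "*.$ext"
    done
    findings=$(
        find "$docroot" -type f \( "$@" \) -print | sort | sed 's/^/EXPOSED /'
        find "$docroot" -type f \( -name '*.php' -o -name '*.inc' \) \
            -exec grep -l '\$dbpass[[:space:]]*=' {} + | sort | sed 's/^/CREDS /'
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample tree for trying the audit offline; prints the docroot path.
make_sample_docroot() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/htdocs/lib"
    printf '<?php\n$dbpass = "dbuserpass";\n' > "$d/htdocs/setup.php"
    printf '<?php\nfunction helper() {}\n' > "$d/htdocs/lib/common.inc"
    printf 'CREATE TABLE t (id INT);\n' > "$d/htdocs/dump.sql"
    printf '<?php\necho "ok";\n' > "$d/htdocs/index.php"
    echo "$d/htdocs"
}

# Run as a script, e.g.: sh audit_docroot.sh /home/null/www/htdocs
if [ $# -gt 0 ]; then
    audit_docroot "$@"
fi
```

The non-zero exit status on findings lets the check run from cron or a deployment step; pass a longer extension list as the second argument to cover the "other extensions" of the FilesMatch rule.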