I have created an include file that contains a username and password for a database. How do I prevent people from accessing that file directly?

Protecting PHP Includes

In order to create a PHP file that is inaccessible from the WWW, please follow these instructions.

1) Create a directory within your public_html directory
2) Password protect the directory
3) Add the files that you do not want to be accessible to the protected directory

As PHP accesses files internally, it ignores password protected directories. However, if anyone tried to directly access those files from an external source, they would be prompted for a username and password.

An alternative method would be to store the file outside of the web root. So, if you have a script located at:

/home/sites/yoursite.com/public_html/thescript.php

You could place your database connection file here:

/home/sites/yoursite.com/dbconnect.php

And in 'thescript.php', you would have this line:

include('/home/sites/yoursite.com/dbconnect.php');

Thus, keeping it away from the web.

  • 34 Users Found This Useful
Was this answer helpful?

Related Articles

How do I set permissions on files and scripts?

Doing a CHMOD (changing a file's permissions) is the setting of access privileges for a file....

What is the path to perl?

/usr/bin/perlYou can also find information on paths to other useful programs by logging in to...

Does Fast-name support Image::Magick?

Yes we do, and in case you need to know the exact version number, at the time of writing, the...

What is the path to sendmail?

Should you need the absolute path to sendmail for use in a CGI script, it's in...

Can you set "register_globals" to ON in PHP for me?

Such a global change to the php.ini config is a well known security risk and affects all other...