SQL Login, how safe is it.

[Randy_of_Neuron]

I'm new to the PHP / SQL thing, so this might have been answered already. I searchend and can't find the answer directly though.If I make a PHP script that logs into a MySQL database on my server, and the "User Name' and 'Password' are directly given in the PHP script. Then I make the file have 711 permissions, can anyone extract the 'User Name' and 'Password' somehow? For example if I put in my PHP$con = mysql_connect("localhost","peter","abc123");if (!$con) { die('Could not connect: ' . mysql_error()); }mysql_select_db("my_db", $con);Like the W3 Tutorial says and make the file 711, can anyone extract out the "peter" or "abc123" and is this the safeset way to access a data base on a server? Thanks everyone.

[Matpatnik]

No one will be able to access your variables from outside the server if you keep them in a .php file except $_POST and $_GET.I think those two are the only one that people can access.

[zppblood]

Don't forget $_COOKIE and some of the $_SERVER.

[justsomeguy]

The answer is "no", no one can see any code inside your PHP file if you save the file as .php. Regardless of the permissions, if someone gets your file they don't see your PHP code, only the output of it. However, if they have FTP access to your site then they can see any code that they want to. But if they have normal HTTP access to your site then, no, they can't see your PHP code.