Jump to content

about require and password protected folders


cherri8
 Share

Recommended Posts

Hi i have a few questions. some pages have a mysql query so they need to require the file that has the mysql connect but im worried if the data with mysql passwords will appear on those pages? because when i use the include method to show header on many pages everything in header.php is visible on those pages so i think the reason could be is that header.php has no <?php ?>. i want to put the mysql connect and errors in password protected folders.on the signup.php i'll put something like this on top.<?php require ''foldername/errors.php"; "require foldername/connect.php"; ?> i want to hide my codes by putting them in password protected folders.i hope that the errors.php will only echo the messages/errors on the signup page and not everything on errors.php.i'll be using ajax to validate form so i hope it is ok to keep the errors in folders and i hope the errors in folders will still work even if i don't use ajax. xmlhttp.send(NULL); i have a question regarding this,it is from ajax.i notice that people put null there when sending a form to server but i don't understand why the null is there?.seeing the null there made me think that it would prevent the form info from going into the database.i already use google to find answers to my questions but it didnt help.thanks

Link to comment
Share on other sites

everything under php tag will be executed and wont be printed unless you do it explicitly. in some case showing php errors to browser could reveal the credential.

xmlhttp.send(NULL); i have a question regarding this,it is from ajax.i notice that people put null there when sending a form to server but i don't understand why the null is there?.seeing the null there made me think that it would prevent the form info from going into the database.
send() expect a parameter as string when it send data using post.it is same as calling send(). null means nothing. it is not nesceary to use send(NULL) in js.
  • Like 1
Link to comment
Share on other sites

Thanks you help me allot. :Happy: birbal quote:"in some case showing php errors to browser could reveal the credential." does the credential include my password/username of the error.php folder?

Link to comment
Share on other sites

no. (assuming your error.php serve custom error messages and it does not reveal credential explicitly). what i meant, is php runtime errors. eg. if your error level is permited to show all kind of errors and display it, in your php.ini, failure of mysql_connect will show the password username . and you should use .php extension to get file parsed. other extension may (depending in your server setting) not be parsed as php file. thus file will be served as plain text which will reveal credentials. .inc is used to indicate include files but it is better and safer to use .php for them also

Edited by birbal
  • Like 1
Link to comment
Share on other sites

no. (assuming your error.php serve custom error messages and it does not reveal credential explicitly). what i meant, is php runtime errors. eg. if your error level is permited to show all kind of errors and display it, in your php.ini, failure of mysql_connect will show the password username . and you should use .php extension to get file parsed. other extension may (depending in your server setting) not be parsed as php file. thus file will be served as plain text which will reveal credentials. .inc is used to indicate include files but it is better and safer to use .php for them also
thanks. the parse and php.ini thing is new to me and i dont know how to use them even after reading the tutorial.i hope that i won't have security issues from not using them.
Link to comment
Share on other sites

http://au2.php.net/manual/en/configuration.php <= how php.ini config workshttp://au2.php.net/manual/en/function.ini-set.php <= changing configuration in runtimehttp://au2.php.net/manual/en/function.ini-set.php <= list of changable directives and possible values and its scopes in php.ini check thesehttp://au2.php.net/manual/en/errorfunc.configuration.php#ini.display-errors <= display error directivehttp://au2.php.net/manual/en/errorfunc.configuration.php#ini.error-log <= error loging directivehttp://au2.php.net/manual/en/errorfunc.configuration.php#ini.error-reporting <= error level reporting directive http://au2.php.net/manual/en/errorfunc.constants.php <= type of errors in php in production server people use error loging to log errror in a file instead of displaying it in browser. the setting of php.ini is not same for producntion and development server. you may need to tweek it when nesceary. if you go throught this links you will probably get the concept. now or later you will need to get your hand dirty with this. if you have further question post it back here. we will try to help it out.
  • Like 1
Link to comment
Share on other sites

Thanks for links!.I'm checking them out now.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...