In reading various opinions on securing a PHP document containing database access information (to connect to the database), it’s been suggested several times to place this PHP file outside of the root directory (above or at same level as root but not in the root directory). While this seems to make sense to me, I’ve not been able to find any reference to how to gain access to this file for my ‘Include’ statement. Up to this point I’ve used absolute pathnames (e.g., /root) but I haven’t found how to describe a path outside of the web documents directory. Do you have any suggestions? Thank you for any help you can provide.
Code Implementation #1 (suggestion from Professor Abronsius)
I am now running into something odd. The new ‘include’ works perfectly for the first query but the second – which is almost identical – fails. I am receiving an error (“ErrorException: Undefined variable: connection”) at line 3179 (see below).
Here is the first query (this one works):
require_once 'mysqli_connect_sa.php';
$sql_query = "SELECT ...";
$result = $connection->query($sql_query);
$row = mysqli_fetch_assoc($result);
mysqli_free_result($result);
mysqli_close($connection);
Here is the code for the second (this one fails with error):
require_once 'mysqli_connect_sa.php';
$sql_query = "SELECT ...";
$result = $connection->query($sql_query); // Line 3179
$logo = mysqli_fetch_assoc($result);
mysqli_free_result($result);
I am not seeing any difference so I must be missing something here in how this approach is utilized? The error implies that “connection” is not defined but why would that also not be the case for the first query? Any help here will be appreciated. Thank you.
Advertisement
Answer
Perhaps using chdir and getcwd will help
<?php
$cwd=getcwd(); # current working directory...
chdir( $_SERVER['DOCUMENT_ROOT'] );
chdir('../'); #go up 1 level
define( 'PATH', getcwd() ); #define PATH
chdir( $cwd ); #go back to original working directory
echo PATH.'<br>';
?>
You can define the includes_path using a static string or you could use a method like above to determine the level above the document root and call:
set_include_path( PATH );
If there is a specific directory above root containing config files, db connections etc:
chdir('../conn/');
define( 'PATH', getcwd() );
set_include_path( PATH );
and then you should be able to include files using a simple call such as:
require 'db.php';
If you are using the db connection within your own functions then you again do not need to rebuild the connection for every invocation of your functions. A single connection will suffice if handled correctly. The following is pseudo-code.
require 'db.php';
$db=new db($usr,$pwd,$host,$db);
function userfunc_1($db){
$sql='select * from table1';
$res=$db->query($sql);
return $res;
}
function userfunc_2($db){
$sql='select * from table2';
$res=$db->query($sql);
return $res;
}
$a=userfunc_1($db);
$b=userfunc_2($db);
OR
require 'db.php';
$db=new db($usr,$pwd,$host,$db);
function userfunc_1(){
global $db;
$sql='select * from table1';
$res=$db->query($sql);
return $res;
}
function userfunc_2(){
global $db;
$sql='select * from table2';
$res=$db->query($sql);
return $res;
}
$a=userfunc_1();
$b=userfunc_2();
In both cases the same database connection is used but either passed as a parameter or included with global