MySQLi连接与config.php中的变量
[英]MySQLi connection with variables in config.php
问题描述
I am creating a database connection class, that will access the variables or constants defined in the config.php. 
我正在创建一个数据库连接类,该类将访问config.php中定义的变量或常量。 However, if I am going to create a theme and a plugin engine, how would I only allow the MySQLi connection class to access the config without allowing plugins/themes accessing the information breaching the security of the website & users. 但是,如果我要创建一个主题和一个插件引擎,我将如何只允许MySQLi连接类访问配置,而不允许插件/主题访问违反网站和用户安全性的信息。
Previously, I just defined host, username, password, and database as constants in the config, then included the config inside a file that included all of the core website files, such as the core functions file, database connection, etc - I believe this is how popular CMS's such as Wordpress, etc, does it? 以前,我只是在配置中将主机,用户名,密码和数据库定义为常量,然后将配置包含在一个文件中,该文件包含所有核心网站文件,例如核心功能文件,数据库连接等-我相信CMS等Wordpress等的流行程度如何? If not please correct me. 如果没有,请纠正我。
If I include the config inside the database class, but then include the database class inside the website, the config can be accessed by custom code inside the themes and plugins - which MUST NOT happen. 如果我将config包含在数据库类中,然后再将数据库类包含在网站中,则可以通过主题和插件中的自定义代码访问该配置-绝不能发生。
How would I go about doing this? 我将如何去做呢? I cannot think of any other way. 我没有其他办法了。
Thanks, Kieron 谢谢,基隆
1 个解决方案
解决方案1
1 已采纳 2016-03-03 18:22:12
how would I only allow the MySQLi connection class to access the config
You don't. 你不知道 Instead you should give your MySQLi wrapper class all the settings it needs. 相反,您应该为 MySQLi包装器类提供所需的所有设置。 ie: 即:
class MySQLiWrapper {
public function __construct($server, $username, $password, $database) {..}
}
As for internal security. 至于内部安全。 PHP code has no sandboxing, any script can do an fopen on any file and read it's contents. PHP代码没有沙箱,任何脚本都可以对任何文件进行fopen并读取其内容。 Think about how you want to approach security. 考虑一下您要如何处理安全性。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.