
PHP storing db credentials in session

Using PHP, is it alright to store database credentials in $_SESSION? I am looking for a way to avoid including config files every time I need to use config vars.

I would suggest sticking with the config file, as it allows changes in real time: if you change the config, this data will change instantly for any users who are online, whereas sessions would have to be set again every time it's changed. Always including a config may be easier than you think.

You can include a file using a path from your directory root, like this:

<?php 
   include_once $_SERVER['DOCUMENT_ROOT']."/path/to/config.php";
?>

The path should be from your document root, basically from the root of your project. A lot of the time people keep this file in their root, so if your config file is at http://example.com/config.php, using this include will load it from any PHP file in your project:

<?php 
   include_once $_SERVER['DOCUMENT_ROOT']."/config.php";
?>

Also, as Qirel mentioned:

The config should be stored outside the public folders - only accessible by the server (and not directly in the browser).
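One way to apply the advice above (an added example, not part of the original answer): the config file sits outside the document root and is loaded through a single cached helper, so no page needs its own include and no credentials are copied into $_SESSION. The `private/` directory, the `app_config()` and `db()` names, and the array keys are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example. Assumed layout (hypothetical paths):
//   /var/www/example/public/              <- DOCUMENT_ROOT
//   /var/www/example/private/config.php   <- not reachable by URL, contains:
//     <?php return ['db' => ['dsn' => 'mysql:host=localhost;dbname=app',
//                            'user' => 'app', 'pass' => 'PLACEHOLDER']];

/** Load the config once per request and cache it for every later caller. */
function app_config(): array
{
    static $config = null;
    if ($config !== null) {
        return $config;
    }
    $rawRoot = $_SERVER['DOCUMENT_ROOT'] ?? '';
    $docRoot = $rawRoot !== '' ? realpath($rawRoot) : false;
    if ($docRoot === false) {
        throw new RuntimeException('DOCUMENT_ROOT is not set or does not exist');
    }
    // Assumption: the config lives in a "private" directory beside the web root.
    $path = realpath(dirname($docRoot) . '/private/config.php');
    if ($path === false) {
        throw new RuntimeException('Config file not found');
    }
    // Refuse a config that resolves inside the publicly served tree.
    if (strpos($path, $docRoot . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('Config file must live outside the document root');
    }
    $loaded = require $path;
    if (!is_array($loaded)) {
        throw new RuntimeException('Config file must return an array');
    }
    return $config = $loaded;
}

/** Shared PDO handle built from the config; credentials never enter $_SESSION. */
function db(): PDO
{
    static $pdo = null;
    if ($pdo === null) {
        $db = app_config()['db'];
        $pdo = new PDO($db['dsn'], $db['user'], $db['pass'], [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        ]);
    }
    return $pdo;
}
```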

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. For any questions, please contact: yoyou2525@163.com.

 