Accessing database from generated form
Brought to you by:
nileshd
Menu
▾
▴
I've finally got into code genie, having taken ages to point my include_path in .htaccess file correctly, and accessed my MySql database. I chose Code Genie Form Maker and got the php output. I then copied this output to a file and tried to run it but got the database connect error (as shown below)
Warning: mysql_connect() [function.mysql-connect]: Unknown MySQL server host '{DB_HOST}' (11001) in C:\sokkit\site\phpCodeGenie3.0.2\filesCopyTemplate\php\simple\common\dbConnection.php on line 10
Error !! Unable to connect to database
I can obviously fix this by entering in the value of DB_HOST, etc into the file but is the correct way to do it? If so, I would have to enter in my database password in order to connect, which doesn't seem a very secure way to proceed. Am I missing something? Is there a better (more secure) way creating my web pages that will have to access my database?
Thanks for any light anyone can shed on this situation.
Freakazoid didn't get any reply to this post, but is there a better way of doing the job than he suggested all that time ago?
Cheers
Andy
Andy
No, there isn't any other way I found to do this other than putting your password in the file. The only thing you can do is to make your webserver as secure as possible and not make it obvious where this file is.
I'm amazed people are reading mails that I wrote more than half a year ago. I've become much more proficient at PCG now, and will try to help if you have any PCG issues.
Freakazoid
Thanks for that Freakazoid. As you may see posted in the post 'WIMP & Shared server...' post, I'm having a look at Qcodo but finding it much harder going than PCG.
Regards
Andy
Andy
That's cool. Whatever works and makes your life easy is what you should use. PCG is a very good way to get started and gain a march on the learning curve for php. It allows you to be productive whilst bypassing alot of the hassle of connecting to databases correctly and having basic CRUD functionality. Take a look at the app/utilities folder - there is alot of useful utilities there.
Freakazoid
I'm not sure if I understand the foregoing, but I HOPE that you put all that access stuff in an include file that is NOT directly accessible from the browser.
If you're just having fun on a dev/local machine, then no problem, but if you deploy on a host that is "in the wild", then be sure to follow best practices for PHP and other environments by not exposing configuration includes in the browser's path.
In other words, if you can add the path/filename in the browser's address line and it does NOT return a "file not found", your configuration IS AT RISK.
HTH.
Dave Nuttall
San Antonio, TX