Hiding Connection String, do I just change file permissions?
Hi,
I'm planning on using a script like this to display a table from my database.
What I want to know is do I simply change the permissions so the file is executable only? I don't want them to be able to read the code of the php file, but they must be able to read what it outputs.
If it is the permission settings what permissions should I use in this case?
thx all help is appreciated
Code:
<?php
$con = mysql_connect("localhost","peter","abc123");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("my_db", $con);
$result = mysql_query("SELECT * FROM Persons");
echo "<table border='1'>
<tr>
<th>Firstname</th>
<th>Lastname</th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['FirstName'] . "</td>";
echo "<td>" . $row['LastName'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysql_close($con);
?>
Re: Hiding Connection String, do I just change file permissions?
If I'm correctly understanding what you want, then no special permissions are needed. When viewed in a browser, users will only be able to see what PHP has output, nothing else. If they use their browser's "view source" feature, all they'll see is the HTML that makes up your table.
Re: Hiding Connection String, do I just change file permissions?
I believe that you only have to change the permission in the database if a user going to have access to certain functions such as add, delete, etc inside the database.
Re: Hiding Connection String, do I just change file permissions?
As SambaNeko said, you dont have to worry about the world seeing your code. It is server side code, so it is all processed on the server, then the HTML is set to the browser.
