Issues hiding password to MySQL Database in PHP file


I have an HTML file with a Form on it, where once the user clicks "submit", a PHP file is called which connects to a MySQL database and updates it with data from the Form.

Question is, how do I mask/hide the passwords to the MySQL database in my PHP code file?

I'm reading all sorts of things about working with "config" files and/or moving things into different directories so as to prevent others from accessing them - I get it in theory - but what are the actual steps I'm supposed to take to make this happen? Like where do I start? What's step #1, what's step #2, etc? Everyone seems to offer little snippets of code, but I haven't found any good start-to-finish tutorial on this.

I called GoDaddy - where my account & DB are sitting - to see if their tech-support guys could help - no one was able to tell me what exactly to do, where to start, etc.

Can anyone out there help?

2

There are 2 best solutions below

2
On BEST ANSWER

I think the other answers here are missing the point. If I'm not mistaken, you're talking about your MySQL user password. The one which you use to establish a connection to the database in the first place. Right?

Well, you don't hide this. It's in a PHP file which is code. The public can't read your code (assuming your server is secure) so don't worry about that. Yes, your password is stored simply as text in a PHP file. It's fine.

4
On

A PHP file can include other PHP files that are outside the document root. So if you make a config file (in your case it could just be a fancy name for a file that defines a bunch of variables) and place it outside the document root of your webserver, and then include this file in your client-facing PHP file, that should do the trick.

The reason to put it outside your client-facing PHP file and outside the document root is if somehow through some exploit someone was able to access the actual PHP code.

EDIT following comment from OP:

Your config file could be just like any other PHP file, beginning with <?php and ending with ?>. In between you would define at least one or two variables - $db_username and $db_password and set them equal to their corresponding values. Make note of where you put this file, and in the file that needs to establish a DB connection, just put include('/path/to/config/file'); and use the variables you defined in the mysql_connect command.
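The steps from the answer above, start to finish, as an added example that is not part of the original answers. It uses PDO rather than mysql_connect, because the mysql_* functions were removed in PHP 7.0. The directory layout, the db_config.php file name, the load_db_config() helper, and the signups table with its name/email columns are all assumptions made for illustration.

```php
<?php
// Added example. Assumed layout (hypothetical paths):
//   /home/exampleuser/private/db_config.php    <- outside the document root
//   /home/exampleuser/public_html/submit.php   <- this file, called by the form
//
// db_config.php contains only (placeholder values):
//   <?php
//   return ['host' => 'localhost', 'name' => 'exampledb',
//           'user' => 'exampleuser', 'pass' => 'CHANGE_ME'];

function load_db_config(string $path, string $docRoot): array
{
    $real = realpath($path);
    if ($real === false || !is_readable($real)) {
        throw new RuntimeException('DB config not found or unreadable');
    }
    // Refuse a config file that ended up under the web root by mistake.
    $root = realpath($docRoot);
    if ($root !== false
        && strpos($real, rtrim($root, '/\\') . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('DB config must live outside the document root');
    }
    $cfg = require $real;   // the config file returns an array
    foreach (['host', 'name', 'user', 'pass'] as $key) {
        if (!is_array($cfg) || !isset($cfg[$key])) {
            throw new RuntimeException("DB config is missing '$key'");
        }
    }
    return $cfg;
}

try {
    $cfg = load_db_config(dirname(__DIR__) . '/private/db_config.php',
                          $_SERVER['DOCUMENT_ROOT'] ?? __DIR__);
    $pdo = new PDO(
        "mysql:host={$cfg['host']};dbname={$cfg['name']};charset=utf8mb4",
        $cfg['user'], $cfg['pass'],
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
    );
    // Prepared statement: form values are bound, never concatenated into SQL.
    $stmt = $pdo->prepare('INSERT INTO signups (name, email) VALUES (:name, :email)');
    $stmt->execute([':name' => $_POST['name'] ?? '', ':email' => $_POST['email'] ?? '']);
    echo 'Saved.';
} catch (Throwable $e) {
    error_log($e->getMessage());   // details go to the server log only
    http_response_code(500);
    echo 'Something went wrong.';  // nothing about the DB reaches the browser
}
```

The generic error message matters as much as the file location: an uncaught connection error printed to the page can expose the database host and user name even when the config file itself is unreachable.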