最好的方法来创建配置文件(config.php)php

Question

我正在为我的项目创建一个数据库配置文件,但我不确定我的config.php是否安全.

如何修改此脚本以获得安全连接？

config.php文件

<?php
$username="root";
$password="";
$host="localhost";
$database="practise";
?>

的index.php

<?php
include 'config.php';
$con=mysql_connect("$host","$username","$password") or die("Server Error");
mysql_select_db("$database") or die("Database error");

if($con==true)
{
    echo "Success";
}
else
{
    mysql_close($con);
}
?>

Answer 1

1)创建一个config.php

define('DBUSER','username');
   define('DBPWD','password');
   define('DBHOST','localhost');
   define('DBNAME','database name');

2)db.php

 <?php
    include('config.php');
    class db extends mysqli {


        // single instance of self shared among all instances
        private static $instance = null;


        // db connection config vars
        private $user = DBUSER;
        private $pass = DBPWD;
        private $dbName = DBNAME;
        private $dbHost = DBHOST;

        //This method must be static, and must return an instance of the object if the object
        //does not already exist.
        public static function getInstance() {
        if (!self::$instance instanceof self) {
                self::$instance = new self;
        }
            return self::$instance;
        }

        // The clone and wakeup methods prevents external instantiation of copies of the Singleton class,
        // thus eliminating the possibility of duplicate objects.
        public function __clone() {
       trigger_error('Clone is not allowed.', E_USER_ERROR);
        }
        public function __wakeup() {
        trigger_error('Deserializing is not allowed.', E_USER_ERROR);
        }

        private function __construct() {
        parent::__construct($this->dbHost, $this->user, $this->pass, $this->dbName);
        if (mysqli_connect_error()) {
            exit('Connect Error (' . mysqli_connect_errno() . ') '
                    . mysqli_connect_error());
        }
        parent::set_charset('utf-8');

       }
       public function dbquery($query)
        {
            if($this->query($query))
            {
                return true;
            }

        }
        public function get_result($query) 
        {
            $result = $this->query($query);
            if ($result->num_rows > 0){
            $row = $result->fetch_assoc();
            return $row;
            } else
            return null;


        }
    }


    ?>

3)用途

 require 'db.php';
    $query="select * from tbl_session";
    $sockets = db::getInstance()->get_result($query);

或任何其他查询

$query="insert into `tbl_chats` (coloum_name) values('".$val."')";
$wisherID = db::getInstance()->dbquery($query);

Answer 2

我找到了为我的项目创建 config.php 文件的最佳方法

索引.php

<?php
include 'config.php';
try
{
    $host=$config['DB_HOST'];
    $dbname=$config['DB_DATABASE'];
$conn= new PDO("mysql:host=$host;dbname=$dbname",$config['DB_USERNAME'],$config['DB_PASSWORD']);
//new PDO("mysql:host=$hostname;dbname=mysql", $username, $password);
}
catch(PDOException $e)
{
    echo "Error:".$e->getMessage();
}
?>

配置文件

<?php
$config=array(
'DB_HOST'=>'localhost',
'DB_USERNAME'=>'root',
'DB_PASSWORD'=>'',
'DB_DATABASE'=>'gobinath'
);
?>

Answer 3

我更喜欢使用常量作为配置选项而不是变量，这有以下三个原因：

1. 它们是全局的，因此无需将它们作为参数或global关键字插入函数中，
2. 应用本身无法更改它们（如果您不小心会导致一些笨拙的错误，可能会偶然发生），
3. 好的编辑者可以提供代码完成功能，并且可以导航到声明常量的行。这使得处理具有很多选项的大型项目变得容易一些。这也适用于全局变量，但是常量有点“干净”（经验法则是保持全局范围尽可能干净）。

例：

<?php

const DB_HOST = 'localhost';
const DB_USER = 'user123';
const DB_PASS = '';
const DB_NAME = 'test';

指数：

<?php

require_once 'config.php';

$link = new MySQLi(DB_HOST, DB_USER, DB_PASS, DB_NAME);