Maybe easy - securing php files containing DB access passwords etc.


Hello there,

In summary: How to make my password protected php scripts available for use
by the public, without letting them do anything they want to the DB.

Previously a shared hosting hosted MySQL database was only used by internal
staff and so all the php scripts were simply held on a password protected
folder (HTTP style) that the staff would know to do their duties with the

However, a requirement has come for a public website to become available
that allows anyone to visit a webpage, and submit some details via a webform
and these details need to be inserted into the database.

This currently creates the problem that when the HTML form is submitted to
a PHP script (adapted from an existing insert data php script from before)
that is located in the password protected folder, it obviously prompts for
the password.

Even if I move this script out of the password protected directory, this
script still relies on many library php scripts that do things like connect
to the DB.

So therefore what is the best way of going about making this work? I want
users to be able to submit the webform without being prompted for a username
and password, but I want to protect access to php scripts because we do not
want anyone else to do the many other functions available (such as view /
amend records etc.)

This may be really simple and I am just missing something very obvious. A
Google search just led me to many things explaining password protection in

Kind regards and TIA.


Re: Maybe easy - securing php files containing DB access passwords etc.

Add your "protected" directory to include_path.

Re: Maybe easy - securing php files containing DB access passwords etc.


Hi there,

Thanks for that, and forgive me if this is another dumb question, but if I am
using a shared hosting (where I pay x amount per month for like webfusion)
am I able to amend the include_path?

Can you explain a little more if I am supposed to add it to one of my files
or how this still protects my folders but allows public visitors to make
additions to the DB?

Kind regards
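
What the include_path suggestion looks like in a public form handler, as an added example that is not part of any post in this thread. The folder name `staff`, the file `db_connect.php`, its `db_connect()` function and the `enquiries` table with its columns are hypothetical stand-ins for the existing library and schema.

```php
<?php
// submit.php: target of the public web form, stored OUTSIDE the protected folder.
// Assumed layout (hypothetical): /public_html/submit.php and
// /public_html/staff/db_connect.php, where staff/ is the HTTP-password-protected
// folder and db_connect.php defines db_connect(), returning a PDO handle.

// The password prompt is applied by the web server to HTTP requests for staff/.
// require reads from the filesystem, so including a file there triggers no prompt.
// The path is set at runtime, so no access to php.ini is needed.
set_include_path(__DIR__ . '/staff' . PATH_SEPARATOR . get_include_path());

// Validate the three form fields; returns cleaned values, or null if invalid.
function clean_submission(array $post): ?array
{
    foreach (['name', 'email', 'message'] as $field) {
        if (!is_string($post[$field] ?? null)) {
            return null; // missing field, or an array smuggled in as name[]=...
        }
    }
    $name    = trim($post['name']);
    $email   = filter_var(trim($post['email']), FILTER_VALIDATE_EMAIL);
    $message = trim($post['message']);
    if ($name === '' || strlen($name) > 100 || $email === false
        || $message === '' || strlen($message) > 2000) {
        return null;
    }
    return ['name' => $name, 'email' => $email, 'message' => $message];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    http_response_code(405);
    exit('Method not allowed');
}
$row = clean_submission($_POST);
if ($row === null) {
    http_response_code(400);
    exit('Please fill in all fields correctly.');
}
// Fail closed, without revealing paths, if the library cannot be found.
if (stream_resolve_include_path('db_connect.php') === false) {
    error_log('submit.php: db_connect.php not found on include_path');
    http_response_code(500);
    exit('Sorry, something went wrong.');
}
require_once 'db_connect.php';

// The only database action reachable without a password: one parameterised INSERT.
$stmt = db_connect()->prepare(
    'INSERT INTO enquiries (name, email, message) VALUES (:name, :email, :message)'
);
$stmt->execute($row);
echo 'Thank you, your details have been received.';
```

The view and amend scripts stay inside the protected folder, so requesting them over HTTP still asks for the staff username and password.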

