Is something wrong with my question? It is a simple question but I get no replies. Am I doing something wrong?
Originally Posted by charlesp
Senior Member
Is something wrong with my question
Is something wrong with my question? It is a simple question but I get no replies. Am I doing something wrong?
Moderator
Try wording the question differently. From reading the question I am not sure what it is that you are asking.
Senior Member
Here goes
I have a php configuration file (file 1) for connecting to a database above the public_html folder - "/home/bhuser/includes/config.inc.php." I have another file in a subfolder in the public_html folder(file 2).
File 2 needs the config file (file 1) to connect to the database such as:
include('../includes/config.inc.php') but this wont work because file 1 is above the public_html folder. So I have in file 2 "include('/home/bhuser/includes/config.inc.php');" without the double quotes.
My question is: Is the way I have it now - include('/home/bhuser/includes/config.inc.php'); a security risk and if it is what would be the proper way to reference this file as an include and keep the config.inc.php file above the public_html folder?
I hope this makes more sense.
Moderator
I think you can set the include path via the php.ini file. Presumably anything in the path can be found as long as only the file name itself is specified in the include.
Senior Member
Thanks Stephen I'll look at the php.ini file. In the mean time is the way I have it not secure?
Moderator
The PHP can only be read by someone with direct access to the server unless PHP gets turned off on the server (which happened briefly when Apache was upgraded). Even then if the file you reference is above public_html then it can't be accessed from the web.
Senior Member
Thank you
That's good news because the only iinclude_path I could find in php.ini is being used for something else.
Posting Permissions
