My Password is Shown?!

AhmedHan's Avatar, Join Date: Oct 2005
Go4Expert Member
I am new at web programming. I registered to a MySQL server. I have to use a code in my PHP file like this :
Code:
mysql_connect("DATABASEIP", "USERNAME", "PASSWORD") or die("Can't connect to database.");
But this method doesn't seem to be safe, because anybody can download this PHP file using a download manager program.

Is there any way to connect my database hiding my password?
shabbir's Avatar, Join Date: Jul 2004
Go4Expert Founder
Not actually. No one can download the PHP file unless he knows your FTP details or you allow anonymous FTP connections. So you should not allow the FTP and it will be safe as through the browser they try to fetch and it will be the final output you flushed through the HTML and nothing more.
AhmedHan's Avatar, Join Date: Oct 2005
Go4Expert Member
Just a minute ago I tried what you said and I realized that there was no PHP code in the downloaded file.
What is the reason we can't download a PHP file with all its contents? Is it impossible?
And unfortunately, my web site is University supported and it allows anonymous FTP connections.
shabbir's Avatar, Join Date: Jul 2004
Go4Expert Founder
The actual reason is your when we make a request fro a PHP file through the explorer it send the request to the webserver for the same and as the request goes to your uni server it parses the php file and sends the output HTML as the output. You can ask for any file extension (HTML, JSP, ASP) to be parsed as PHP.