I am new at web programming. I registered to a MySQL server. I have to use a code in my PHP file like this : Code: mysql_connect("DATABASEIP", "USERNAME", "PASSWORD") or die("Can't connect to database."); But this method doesn't seem to be safe, because anybody can download this PHP file using a download manager program. Is there any way to connect my database hiding my password?
Not actually. No one can download the PHP file unless he knows your FTP details or you allow anonymous FTP connections. So you should not allow the FTP and it will be safe as through the browser they try to fetch and it will be the final output you flushed through the HTML and nothing more.
Just a minute ago I tried what you said and I realized that there was no PHP code in the downloaded file. What is the reason we can't download a PHP file with all its contents? Is it impossible? And unfortunately, my web site is University supported and it allows anonymous FTP connections.
The actual reason is your when we make a request fro a PHP file through the explorer it send the request to the webserver for the same and as the request goes to your uni server it parses the php file and sends the output HTML as the output. You can ask for any file extension (HTML, JSP, ASP) to be parsed as PHP.