Help
for example: you do not want people to be able to go directly to your config.php file.
lets assume your config.php file looks like this:
<?PHP $chost = "localhost"; $cusername = "YOURUSERNAME"; $cpassword = "YOURPASSWORD"; $cdb = "YOURDATABASE"; mysql_connect($chost, $cusername, $cpassword); mysql_select_db($cdb); ?>
That is just a basic mysql connect script. now to protect it! We are adding 4 lines of code, take a look:
<?PHP
if(!defined("SESAMOPEN")){
echo "What are you doing here? You're not allowed to be here, be gone you pest!";
exit();
}
$chost = "localhost";
$cusername = "YOURUSERNAME";
$cpassword = "YOURPASSWORD";
$cdb = "YOURDATABASE";
mysql_connect($chost, $cusername, $cpassword);
mysql_select_db($cdb);
?>Ok, you may think, what in gods name is he doing? Well, hmm ok I understand, let's explain what I just did.
<?PHP
if(!defined("SESAMOPEN")){
?>We are using a if statement to check if 'SESAMOPEN' has been defined, if it is not (see, we are using a '!' in front of defined) tell the user that they are lost and should go back.
<?PHP echo "What are you doing here? You're not allowed to be here, be gone you pest!"; ?>
and last using exit(); to stop and closing the if statement with a }
<?PHP exit(); } ?>
Now you think you're ready, but your not! we are only 50% done! Because, with that code SESAMOPEN will never be defined and thus your own script wont even be able to get access to config.php!
So whenever you want to include config.php to your script to get mysql content you need to add this above the line where you include config.php:
<?PHP
define("SESAMOPEN", 1);
?> That line gives SESAMOPEN a value, so it is ‘defined’ and it will pass the if statement in your config.php file!
And KABOOM, you're done, to test, go directly to your config.php and see if it works
if you need help with this tutorial feel free to comment!
Wildo
Posted 17 May 2007 - 08:30 PM
