Suppose you have the file in your server named config.php where you’ve wrote the necessary functions for DataBase connection. Any Body can get information by accessing it directly from a browser. Here is a way to prevent this…
<?php
if (!defined(‘prover’))
{
die(“File not found”);
}
// MySQL Settings
$db_host = ‘localhost’;
$db_user = ‘root’;
$db_database = ‘registration’;
// Connect to the database
mysql_connect ($db_host, $db_user) or die (‘Could not connect to the database.’);
mysql_select_db ($db_database) or die (‘Could not select database.’);
print “Hallo”;
?>
The function defined checks whether a constant exists. The variable prover is not defined in the PHP script, so, if you try to access config.php directly, you’ll see “File not found” right on top, preventing people from looking at your code and discovering what your login/password are, if any. In this case, mysql_connect lacks a password. That’s because there isn’t one in the local server.
