[thelist] MySQL, PHP, and passwords

Bernardo Escalona escalonab at gmail.com
Tue Feb 22 11:29:29 CST 2005

Fellow web developers:

I recently started to learn about MySQL and how to use PHP to interact
with MySQL databases.

Most of the tutorials agree that the way to access your database from
php is more or less the following:


Which requires you to actually type your MySQL password right on the
php file in cleartext.

Now, i know php files are evaluated server-side and only html is
returned to the browser client-side, but it still seems kind of
strange to me.

Is this how its done? Is it safe? Are php files themselves safe from
anyone who doesnt have ftp or shell access to the web server?

On a side question, but also on a similar topic: if i want to store
usernames and passwords in a table of my MySQL database, can i be sure
this information is safe? Do i need to encrypt the password fields of
the table in some way? Note that i dont work for a bank or the
pentagon, but reasonable security would still be good.

Thank you and sorry for the many questions.

Bernardo Escalona Espinosa
tel: 56 22 85 23
cel: 55 18 56 74 73

More information about the thelist mailing list