Where to put the database sensitive information [duplicate]
I don't know if this is what you are looking for:
You can put your sensitive data in your db.php, but outside the web root directory (public_html or www).
For example, you could have a directory called config which is a sibling of your web root directory, and store your db.php file there.
You can include your db.php file like this:
require_once('../config/db.php');
I hope this helps.
I would personally create a file called db.php and place this above the public_html folder on your server
for example
<?php error_reporting(0); $link = FALSE; $link = mysql_connect('hostname', 'username', 'password'); if ( ! $link) { die("Couldn't connect to mysql server!"); } else { mysql_select_db('databasename'); }?>
This turns off error reporting at the same time as connecting to your database, from your index.php you would include the file like so:
<?php require('../db.php'); ?>
Its fine to put it in a db.php file, just use require_once()
just after the opening <?php
tag of each document.
If basedir restriction is not in effect, move db.php file outside of your web/ftp root that way its definitely not accessible via http/ftp. Make sure permissions are set properly on this file though.
Since you aren't using OOP or an MVC structure for your code this is the best route to go.