Home / Questions / 53629
Accepted
Dev 200
Asked: 2020-03-08 04:39:11 +0800 CST 2020-03-08 04:39:11 +0800 CST

Protect config.ini file gives error when using mysqli for connection

  • 772

Based on this question: https://stackoverflow.com/questions/216019/is-it-safe-to-deny-access-to-ini-file-in-htaccess

I found the following way to protect the config.ini file for a mysqli connection:

;<?php
;die(); // For further security
;/*
    [database]
    driver=mysql
    host=localhost
    port=3306
    schema=base
    username=root
    password=
;*/

It gives me the following error:

SCREAM: Error suppression ignored for Warning: syntax error, unexpected END_OF_LINE, expecting '=' in __config.php on line 5

If I use quotes, based on the http://php.net/parse_ini_file

(Values ​​null, no and false results in "", yes and true results in "1".)

;<?php
    ;die(); // For further security
    ;/*
        [database]
        driver="mysql"
        host="localhost"
        port="3306"
        schema="base"
        username="root"
        password=""
    ;*/

It gives me the following error:

Warning: syntax error, unexpected END_OF_LINE, expecting '=' in __config.php on line 5

Switched to:

;<?php
;die(); // For further security
;/*[database]
host="localhost"
username="root"
password="" 
schema="base";*/

It no longer has an error, but I think it doesn't parse well

configuring database:

$file ='__config.ini.php';

$config=parse_ini_file($file);

  $host = $config['database']['host'];
  echo $host;
  $user = $config['database']['user'];
  echo $user;
  $pass = $config['database']['pass'];
  echo $pass;
  $schema = $config['database']['schema'];
  echo $schema;

It gives me an error, Undefined index: database for each line

Last ini modification:

;<?php
;die(); // For further security
;/*
[database]
driver="mysql"
host="localhost"
port="3306"
schema="base"
username="root"
password="" 
;*/

Connection.php

<?php

$file ='__config.ini.php';

$config=parse_ini_file($file, true);

$host=$config['database']['host'];
$user=$config['database']['username'];
$pass=$config['database']['password'];
$schema=$config['database']['schema'];

class DBConnector {
    private static $instance ;
    public function __construct($host, $user, $password, $db){
      if (self::$instance){
        exit("Instance on DBConnection already exists.") ;
      }
    }

    public static function conectar(){
      if (!self::$instance){
        self::$instance = new DBConnector(a,b,c,d) ;
      }
      return $instance ;
    }
}

$mysqli = new DBConnector($host,$user,$pass,$schema);
?>

Line to connect:

require_once '__conexion.php';
$conexion = new DBConnector($host,$user,$pass,$schema);

Mistake:

Call to undefined method DBConnector::prepare() line 15

line 15:

$statement = $conexion->prepare($sql);

Reading on php.net

got this:

class conexion extends mysqli {
    public function __construct($host, $usuario, $contraseña, $bd) {
        parent::__construct($host, $usuario, $contraseña, $bd);

        if (mysqli_connect_error()) {
            die('Error de Conexión (' . mysqli_connect_errno() . ') '
                    . mysqli_connect_error());
        }
    }
}

$conexion = new conexion($host,$user,$pass,$schema);

Is it safer?

php

1 Answers

  1. Best Answer

    Define the .ini file without leading spaces:

    ;<?php
;die(); // For further security
;/*
[database]
driver="mysql"
host="localhost"
port="3306"
schema="base"
username="root"
password="" 
;*/

    Using the function $config = parse_ini_file($file);you can access the values ​​like this:

    <?php 
$config = parse_ini_file($file);
echo $config['driver'];
echo $config['host'];

    If you want the sections to be processed, use it like this $config = parse_ini_file($file, true);and you'll be able to access the values ​​via a multidimensional array:

    <?php 
$config = parse_ini_file($file, true);
echo $config['database']['driver'];
echo $config['database']['host'];
    • 2