PHP - Storing Sensitive Information In Environment Variables
I am by no means a security expert, but I would like to know if storing MySQL database information in an environment variable would be a good or bad idea. What are your thoughts?
Similar TutorialsWhat I have done in the past is created a conn.php file, used as an include, when I wish to connect to my DB. As a security measure, rather than have my connection info in a file that could potentially get accessed by unauthorised users, I read that I could use environment variables and store the database connection string values i.e username, password etc for retrieval. Can anyone offer some guidance on going about this? Thanks What's the best way to cache things on the server? I've found some SetEnv things but this all seems to be a single key/value.
I'd like to cache an array of things that I can access later. Right now it's cached in $_SESSION which is fine, but still there's overhead on every first-time visitor to a site. Is there a way to add something to $_SERVER or elsewhere that ALL visitors to a website will ultimately be able to access?
I guess I want something like web.config in C#, where the first time a page is visited, the "app starts", as it were, and those things are now in cache on the server.
What's the best way to do this?
Not asking you to troubleshoot for me but to pop in any thoughts you might have on how YOU would troubleshoot this problem.. Thanks
This is a wp site.. and generated the following error.. Notice: Undefined index: USER_AGENT in /home/luxuryrealtygrp/public_html/wp-content/plugins/LRG/Masked/Filters.php on line 31 This is what line 31 that is being called out: Line 31: function lrg_masked_field($false, $field_name){ if(is_user_logged_in() || stripos($_SERVER['USER_AGENT'], 'google') !== false || stripos($_SERVER['USER_AGENT'], 'yahoo') !== false || stripos($_SERVER['USER_AGENT'], 'bing') !== false){ return false; }
Just looking for ideas that might help to chase this down..
Edited December 17, 2020 by tommytx I've googled a lot but still can't find much of a clue for how to do this (printing all environment variables in PHP that is). I know it has something to do with $_ENV and $_SERVER but... I would be thrilled for some guidance! Best regards, Rasekamon Hi,
Webapp noob here.
I have an application that is going to be data-heavy, so I would like to avoid saving things to the database whenever possible. The application in a nutshell is an android application wired up to a php web app(with MySQL) where you can send requests to the phone and the phone will respond with text or image data with POST.
The normal way to do this would be for the phone to post the data to the database, then have the webapp display it. However, what im wondering is if it is possible for a user on the webapp to request information from the phone, and then when the phone replies using a POST to display the information temporarily in maybe a popup window instead of having to save it to the database.
Thanks!
Hello all, I'm having some problems with a script ive written which is designed to allow me to send a message to all the users of my site. the form works fine, the SQL works fine but im having a problem with storing php variables and outputting them in the message. The form has a field named "allmessage" which is where i'll type my message, I'll type something like "Hello $Name" and store the text as $allmessage = $_POST['allmessage']; example script //loops through each member while ($row=mysql_fetch_array($sql)) { //sets variables $ID=$row['ID']; $Name=$row['MemberName']; $Email=$row['Email']; $content_type = 'Content-Type: text/plain; charset="UTF-8"' ; mail($Email, $allsubject, $allmessage, $content_type); } //loop ends send us a copy of the mail mail("me@me.com", $allsubject, $allmessage, $headers ); Now what I want to be outputted in the email is "Hello John" or "Hello Paul" but what I get is "Hello $Name". Any ideas?! I need to store variables that look something like this:
3434432545 -> 32435219098999, title description 21
4455332545 -> 32411111118999, title description 22
9987432545 -> 32435211112999, title description 23
2111432545 -> 32222319098999, title description 24
I'm OK to have the above information hard coded
Answer: use an array?
I used to code in Perl (many years ago!!). There you had something called a hash table (I think!). Apparently, that was much better for doing a lookup. Is there something equivalent in PHP?
Also... it would be awesome if I could have something like this:
3434432545 -> 32435219098999, title description 21
4455332545 -> 32411111118999, 5657, title description 22
9987432545 -> 32435211112999, 32434, 2345, title description 23
2111432545 -> 32222319098999, 34243554, 43543, 453, title description 24
i.e. each object having potentially unlimited number of extra fields associated
Question: to start with, I'll have 100 - 200 of the above. But if I had 5000 say, how would this impact in loading into memory? Or is that too small and not something to worry about?
Thanks in advance!
OM
Still working on my project, and i have been learning a lot here! Thank you so much. But as you may have guessed, i still have problems. User registration is working, and new users are put in the database with a rank of 0. This means they can't do anything. (can there be trouble with this. I mean, a rank of "0"?) An admin needs to give access to these accounts, but that is where it becomes difficult. The following code is showing the new accounts to the admin. Code: [Select] <?php include("navbar.php"); if ($admin<2) //normal guy or not { die ("Du har ikke rettigheder til at se denne side!"); } else if(isset($_POST['submit'])) { //code to make the user able to use stuff } { $connect = mysql_connect("localhost","root",""); mysql_select_db("eksamen - phoenix"); $query = mysql_query("SELECT * FROM users WHERE rank='0'"); ?> <form action='admin.php' method='POST'> <table> <?php while($row = mysql_fetch_assoc($query)) { echo " <tr> <td> ".$row['username']." </td> <td> ".$row['email']." </td> <td> ".$row['real_name']." </td> <td> <input type=\"checkbox\" name=".$row['username']." value=\"Godkend\"> </td> </tr> ";} ?> <tr> <td> <input type='submit' name='submit' value='Register'> </td> </tr> </table> </form> <?php } ?> As you may see, there is a lot of turning php on and off. I made it work this way, but i guess there is nothing wrong with it. The problem is that the username is not stored, so i can connect to the database and change the "rank" value. Changing that value should be easy, but storing the username is as easy as i thought. Any ideas? Why (if it is) bad practice to use the $_SERVER array to store variables like the database hostname, username, password, etc... or even a mysqli object? I know the whole anti lazy coding, but is there another reason not to go about things like this? Okay, so I have a form and now I am trying to write the post data to a db. The thing is, the way the HTML was designed, I had to adopt a poor naming convention in order to satisfy some other requirements. I'm just getting into PHP.. Is it possible to assign PHP variables and then store these variables to my database instead? Right now, I have an e-mail sent to myself but it looks like gibberish.. So I started doing this Quote $CostReadiness= $_POST['tfa_ReadinessCostEst']; $BudgetReadiness= $_POST['ReadinessBudgetc']; $Recommendations= $_POST['tfa_ReadinessITAsses']; and such for all of my entries.. Could I set up a table using these variables? Hey, I made a simple form: Code: [Select] <html> <body> <form action="action.php" method="POST"> <input type="text" name="text" /> <br> <input type="submit value="submit" /> </form> </body> </html> The action.php is as follows: <?php $text = $_POST['text']; header('location:next/index.php'); next/index.php is as follows: <?php include_once('../index.html'); echo "Hello, your text was " . $text . "!"; ?> Problem: Where the $text variable is located in next/index.php there is a blank space. The php includes the first index.html correctly without errors, but it seems like it doesn't store the variable. Thanks in advance Hi,
I hope this belongs to the right sub-forum.
I'm gonna be on the move for quite some time, and I was wondering if there was an [almost] ideal portable PHP development environment, which I can treat just like the non-portable counterpart, which will include using Composer, Laravel, etc.
With a little research I found http://zwamp.sourceforge.net/ and http://www.codelobster.com, but I'm not sure how efficient they are.
Any of you guys use this approach?
Thanks.
I am trying a very simple thing , just to run an exe on local WAMP environment.The code below launches does launch notepad(can see in task manager) but doesn't show up.I want test.txt to be opened in a window. <?php $WshShell = new COM("WScript.Shell"); $oExec = $WshShell->Run("notepad.exe C:\wamp\www\test.txt", 3, true); ?> I have tried exec as well .Same problem.What modifications are needed? I need to make the following code work without case sensitivity. For example, if this was processed, I would like for $message to be changed from "Stupid is not a nice word. Ugly is not nice either." to "unintelligent is not a nice word. unattractive is not nice either." For my purposes, I don't care that the capitalization changes, I just need the $goodwords to be replaced with the $badwords regardless of capitalization. Any ideas here? Code: [Select] <?php $message = "Stupid is not a nice word. Ugly is not nice either."; $badwords = array("stupid", "ugly"); $goodwords = array("unintelligent", "unattractive" ); $message = str_replace($badwords, $goodwords, $message); ?> I have taken over a wordpress site that a web developer set up and he is no longer working with me so I cant get his help with it, I have a custom front page that has been pulling press releases that where posted previously and categorized as "press" I was asked to add a blog which I did by categorizing the post as "blog" In a nutshell, I now need the front page code to pull a mixture of both the "press" and "blog" each category has a numerical id so blog is 7 and press is 3 This is the current code that is in the page <?php query_posts('category_name=press&showposts=10&offset=0'); ?> I looked up wordpress support for this, and found this query_posts(array('category__in' => array(2,6))); How can I integrate this if possible with the top line so it pulls the newest posts from both categories? Any suggestions could REALLY help me out! Thanks! How do I make the username and password checking CASE SENSITIVE? $result=sprintf("SELECT * FROM db WHERE username = '%s' AND watchword ='%s'", mysql_real_escape_string($username), mysql_real_escape_string($password)); Thanks. Bickey. This topic has been moved to MySQL Help. http://www.phpfreaks.com/forums/index.php?topic=317710.0 I am using preg_replace to automatically bold "$word" when it appears. It will only replace the word when capitalized. How can I get it to replace the word without being case sensitive. Also could I also throw a link in? I tried and I get a syntax error. I'm guessing the links in PHP are different than HTML Here is my code <?php $find ="/$word/"; $replace ="<b>$word</b>"; Echo preg_replace ($find, $replace, $definition); ?> Thanks when the simple search script in the tutorials on this site searches my mySQL database it doesnt find results unless they are typed in the same case as the original entry. ie 'horse' does not find 'Horse' is it some problem with my database table formats or do i need to add a bit of script to the search to solve it? Hello, I am completely new to php so please forgive me ahead of time. I am trying to create a link button on a website for a client that only directs to a certain external website on certain days and hours. Specifically, this is a web radio button that the client only wants to link to the web radio site when their live broadcast is on the air during certain hours on the weekend (i.e. Sundays 8-10 PM). Any other time, the client wants the web radio button to link to a default page since the web radio station plays unrelated music all other hours of the week. Does anyone know the best way to create such a time sensitive link for a button on a webpage? Thanks. |