I have been reading a little that you should secure your PHP code to
prevent SQL injection into a database (MySQL in my instance), mainly by
checking the type of data to be put into a database, and if text, to
addslashes() the data.
What I have not managed to find out, is does SQL injection threaten the
input of data into a database, ie a guestbook, or the reading of a database
where the user would not know if the data is being read from a database?
Is there anything else to consider to make a database more secure?
In particular, I have read here a few months back that it's a good idea to
keep the username / password of the connection outside the root of the
website. How would I access the password file then? What I mean is, if I
want a certain file in my site I could access it by writing:
www.mysite.com/password.php
But as it would now be outsite the root, how would I be able to get to the
password.php file?
I have also read a bit that you can assign privelages (similar I guess to
rwe for a directory / file) but to the database access, but can't find
anything about it. Is there a good (beginners) guide to privelages?
Any just incase, I did RTFM, but there are many versions which make it
confusing on who is right.
Thanks
Dariusz