I had to make some .php lines for a project for me and a friend. I will post the sources below. I was wondering if the users visiting my pages would be able to fetch my database infos from my source. If yes. is there any ways to prevent this.
my admin.php http://pastebin.com/K4hhrJK1
my index.php http://pastebin.com/kmiQBF94
Sorry for the pastebin links. I've tried for the last 15 mins to get my .php code to show in a code box wich didnt work, it was actualy showing parts of the html on the thread.
The best way is to not have any connection info in your front end code. Create classes and let the classes do the database work. Create a database.php with all of your connection information and include that in the files with the classes.
If your web server is properly configured, then visitors cannot see the PHP source code, and therefore cannot get your DB credentials. But there are many ways to mis-configure a server to make it possible.