How secure is storing your MySQL connection data in a separate file?

Storing your MySQL database connection information in a separate file is secure and safe as long as you follow best practice:

  • The file must have a .php extension
  • All the connection information should be inside your PHP code, and none of it should be output to the browser.

If the file has the .php extension, it will be run as server code and is not visible to any would-be snoopers as there is no client-side output.

You can test this yourself by pointing your browser to your connection file (e.g. www.yourdomain.com/yourconnectionfile.php).

Make sure there is no browser output and check the page’s source code. If it is just a blank page then all is good.

If you see any of your connection data, you will need to check the above two points have been implemented correctly.

A further recommendation would be to locate the connection file in a folder that cannot be accessed publicly. Often, this can be a folder on your web server higher up in the tree that is accessible to the scripts but not the public.


If you want PHP tips and tricks delivered directly to you, make sure you sign up to my newsletter: