Skip to main content
R
Community Expert
Rick GerardCommunity Expert
Community Expert
August 19, 2009
Question

Wisdom of keeping PHP scripts embedded when submitting forms

  • August 19, 2009
  • 1 reply
  • 1666 views

I was wondering if it would be more secure if the php scripts I'm using to insert user names and contact info into my database would be more secure if the code was moved to a new page called insrtRecord.php and the form action were changed from action="<?php echo $editFormAction; ?>" to action="/Scripts/insrtRecord.php"

The page was constructed entirely with Dreamweavers built in behaviors so all the code is right there in the contact page for anyone to look at.

I'd then password protect the Scripts directory that contained the insrtRecord.php file to keep it from prying eyes.

Thanks for your advice.

This topic has been closed for replies.

1 reply

B
bregent
Participating Frequently
August 19, 2009

I'm not sure I am following you. If it's a server side script, then what is there for prying eyes to see? If the script is all php, they will see nothing in the source code. Also, if you place the script in a password protected folder, won't it prompt for the password on execution?

R
Community Expert
Rick GerardCommunity ExpertAuthor
Community Expert
August 21, 2009

The question came to mind when I was in an office of a guy that specialized in SEO. He took a look at my site, checked the code, and I was sure that I saw some PHP tags pop up.

My Connections folder with the database un and pw is in a protected directory and there's never a call to put in a password when a page connects to the MySql database. This leads me to believe that I can protect all my PHP scripts.

Since no one has responded I think I'll give it a try using includes. This may make my coding a lot easier.

Thanks for the reply.

DwFAQ
DwFAQ
Participating Frequently
August 22, 2009

As it's already been mentioned; server side scripts are processed on the server and can not be seen on a visited page. There's no need to put your connection file or any other script in a password-protected directory. Which makes me wonder what field your community expertise is in?

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices