I know this is kinda on the lines of hacking. I would like to know if there is anyway the viewer of your site without access to the server would be able to get the contents of a php file?
Or to be able to grab a variable or something using some sort of injection?
I am asking because I need to secure an flat file account system I am creating if you know of a way and don't want to post it but are still willing to tell me email or pm me please.
It depends, but generally no, it's impossible to view the source of a php file or display/change a variable.
For the flat file system, it's perhaps a good idea to save your files outside the web directory.
K what would you say is more secure then saving information in a php file or in a mysql database? Because I have heard of people getting into mysql databases thats why you encrypt stuff.
Because, I always thought flat files were less secure then databases but it now looks like there the same or less secure then flat files
I'd say both the database and file system can be as secure as you want them. I find it easier to secure a database (less details to worry about) and, at the same time, provide editing capabilities to the users.
So there is no way for a user who has no access to the server to access a php file on a server.
Ya ok, thanks I wanted to have the thrill of hacking my own scripts but it appears there secure enough which is a good thing but would have been fun if i could.
Anyways thanks for all your help but I know how we get into the php scripts they just open the files using php and allow us to edit them.