How to get variable from php file from browser string?

V

vinescope2014-04-03 13:59:00

PHP

vinescope, 2014-04-03 13:59:00

If you go to vinescope.com/architecture/, there is a connect.php file that contains data for connecting to the database. In general, the contents of the file looks like this:

<?php

$DB_username = "scriptbu_dlol";
$DB_password = "newpassword1";
$DB_name = "scriptbu_dlol";
$DB_hostname = "localhost";

$DBobject = mysql_connect($DB_hostname, $DB_username, $DB_password) or Die("There was a problem connecting to your Database Server");
mysql_select_db($DB_name, $DBobject) or Die("No such Database exist on your server.");

if(!get_magic_quotes_gpc())
{
  $_GET = array_map('mysql_real_escape_string', $_GET); 
  $_POST = array_map('mysql_real_escape_string', $_POST); 
  $_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
}
else
{  
   $_GET = array_map('stripslashes', $_GET); 
   $_POST = array_map('stripslashes', $_POST); 
   $_COOKIE = array_map('stripslashes', $_COOKIE);
   $_GET = array_map('mysql_real_escape_string', $_GET); 
   $_POST = array_map('mysql_real_escape_string', $_POST); 
   $_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
}

include("settings.php");

?>

Since the script is free, I am interested in such a security issue, is it possible to get the variables DB_name, DB_password, etc. from the browser line by making a request?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

S

Snewer, 2014-04-03
@Snewer

Free means nothing. No. But you can work on protection against injections

H

hadra, 2014-04-03
@hadra

Roll it into class and there will be no problems

Z

zooks, 2014-04-03
@zooks

In this case, you can't. To increase security, it is better to make sure that the 'scriptbu_dlol'@'localhost' account has limited rights.