| Re: Calling a php file from another on apache server [message #181080 is a reply to message #181079] |
Wed, 10 April 2013 21:26   |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
|
Senior Member |
|
|
On 4/10/2013 4:34 PM, Jordan Thompson wrote:
> Hi Jerry,
> thanks for getting back...
>> First of all, do you have permission to issue the exec() function? Many
> *** Yes, because the "hello.txt" file that is being touched in the lower-level file is being created by that file.
>>
>> shared systems have it disabled for security reasons.
>>
>>
>>
>> If you do have permission, is the php executable available to you?
> *** Yes - see above
>>
>> Again, on a shared system, it may or may not be.
>>
>>
>>
>> Finally, if it is available, the second script is going to be executed
>>
>> in the cli environment, not the web. This means the session_start()
>>
>> will fail, as there is no web server involved (well, it may not fail -
>>
>> but it won't do anything). And its output goes to stdout, (which is fed
>>
>> back to the second parameter of exec(), which you are not using, so it
>>
>> is thrown away), not to the web.
> *** I am not getting any errors in either the apache log or the php log, but that would explain why nothing is displaying on the browser. How can I do this?
>>
>>
>>
>> IOW, what you're trying to do is definitely not common, and probably not
>>
>> the right way to go about things.
>>
>>
>>
>> What is it you're really trying to do?
> Fair enough. I want to call a php file that will access a database and return the results of its query into the web page so it looks seamless to the user.
>
> I tried doing this via an include. It worked, but I would have to expose the username/password in a file accessible to the web (under htdocs.)
>
> I tried putting it in cgi-bin (and including it from there), but that did not work because apache correctly won't allow a client into cgi-bin (but calling it from cgi-bin seems to work, but nothing is displayed to the user.)
>
> What is the correct way to hide the username/password from the user (preferably in a single file that is included in various php files) and display the results in html for a browser?
>
Normally, you put the username/password in a configuration file outside
of the web server's document root. Many shared hosting systems allow
you access to one directory below the document root where you can place
other files.
Files outside of the document root are not available via the web, but
are still available to PHP.
You *can* place them in the inside the document root hierarchy, and
include them in PHP. Place the userid and password in PHP code (with a
..php extension - just like any other php file) and the userid/password
will not normally be available to outside users. You can even protect
it from being downloaded with a .htaccess file (on Apache).
The only potential problem here is - I said the userid/password are not
*normally* available. It would take a web server misconfiguration or
other similar error to deliver the php file's source code to the user.
It is a very rare occurrence, but it *could* happen. Keeping the file
out of the document root means the userid/password won't be available to
anyone, even if there is a server misconfiguration.
In either case, then just include() (or, more preferably, require_once()
the file in your other PHP code.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]