Hi all, first post after poking around and bumping into a few things - I think I'm having fun so far. Very new to everything here so please be kind! Scenario: I have a decent MySQL database (1000+ items) that I will filter by location to display on a map. Wrote my first php and it works fine. That php file is currently sitting on my desktop. The MySQL database is on a hosted server. I have 2 questions: 1. Is there a 'best practice' place to locate the php file on the server? I'm reluctant to upload it to a location that's publicly accessible (eg http://www.domain-name/secretstuff.php) because it has my database username and password sitting in there! 2. Assuming that there is such a location, what URL format do I need to use to point my app to that php file so it can grab the data I want? Does http://www.domain-name/ automatically mean http://www.domain-name/public/ or would something like http://www.domain-name/secure restrict unauthorised access? I know these aren't 100% Buzztouch questions and I am showing my very low level of understanding here but any thoughts would be really appreciated. Cheers

It sort of works like this: PHP is an interpreted script language, meaning the code is not compiled; it runs as a script. So I understand your hesitancy in putting your config information in a public place; it's not compiled like Xcode or Visual C and other languages. However, PHP script isn't shown in your "output" page, only the text it's told to output. If my php file looked like this: <?php echo("<html><head></head><body><Hi There!</body></html>") ?> Then all the user would see if they chose to 'view source' would be: <html><head></head><body><Hi There!</body></html> and none of the php. Still, leaving nothing to chance, what Buzztouch does (as well as a lot of other folks, myself included) is we create a separate config.php file for the database credentials, similar to this: <?php $dbhost = 'database host/domain'; $dbname = 'database name'; $dbuser = 'database user name'; $dbpasswd = 'database password'; ?> and keep it away from prying eyes. Then, in your 'regular' php script, include the config file: <?php require_once("../path/to/config.php"); // more code and stuff here... ?> This adds a small measure of security, as well as the convenience of not having credentials in each and every script on the server. Mapping a directory to a url is usually done in a couple of different ways: 1) Via your Host providers configuration panel. 2) Via an '.htaccess' file (and mod_rewrite, usually) A Good 'general' site for getting a grip on PHP is: http://www.phptherightway.com and for learning simple concepts, I really use http://www.tizag.com quite a bit. Hope this helps! Cheers! -- Smug

Thanks so much Smug, really helpful. I'll give it a shot! Cheers Paddy

Thanks so much Smug, really helpful. I'll give it a shot! Cheers Paddy

Thanks so much Smug, really helpful. I'll give it a shot! Cheers Paddy

I found this thread on a google search. Thank you for writing this Smug! It is easy to see why you have moved so high in the Buzztoich rankings!