Basically I want to connect to a remote database, and for obvious reasons I don't want users seeing my db name and password. I know scripts such as VBSEO do it. So how to?
Do you need to run the ioncube scripts on your server, or is it a one type encrypt/decrypt kinda thing? EDIT: Looked into it, and I ain't paying to encode one line of PHP for a non profit script.
Why would they need to connect to the database? An alternate way to do it would be to use something they know (such as a user/pass when they sign up with you). Send that back to your server, and on the page they request, output whatever you need from the database (etc). Or even use something simple like file_get_contents('http://you.com/request/username/password'); PHP: (or even go further and instead of using a password, use some sort of key for their account. There'd be a lot of security issues allowing other people access your db.
Are you going to be reading and writing from the database, or just reading data? If you are just reading data, you could create a MySQL user that only has read access to your DB. That way the user and corresponding data would be isolated to your client. -Bing
Keep in mind that PHP is opensource, as are all of the libraries that is uses, and therefore insecure by design. Granted this is not quite as easy as seeing the details staring you in the face from unprotected code, but to expose the username and password for your database someone merely needs to intercept the database connection function in the MySQL library. This is a trivial one line edit to the PHP core, and a rebuild of PHP and a run of the scripts will reveal the information. The same goes for any standard library functions in PHP. Because of the potential risk you should assume that someone with malicious intent does have the details, and design your system accordingly so that it either doesn't matter, or that any potential damage that could be caused is minimal and non-catastrophic as you are otherwise sitting on a time bomb.
PHP code is NERVER made public, when a user acces the page php generates only the layout in html and the DB connections are not send to the users computer! Just dont do echo $db_name . $db_pass and you will be fine!
I always include my database username and passwords in my custom made php script,whether any one will be able to see it?(But php code can't be seen by a user)