to put your database userid/password in a php file in a public directory? I read that it is recommended to put it outside the web directory, but I don't think I have that option with my current web host. Any advice would be appreciated. Thanks
Are you using cPanel/WHM? Why would you put it in a php file anyway? If you mean like a config then it's safe because it's careful of what it spits out. And yes it is safe, as long as you don't echo the details.
Thanks Calon, I am using Yahoo's web hosting control panel... I'm not sure exactly what it is. This is what I was reffering to: <?php DEFINE ('DB_USER', 'userid'); DEFINE ('DB_PASSWORD', 'password'); DEFINE ('DB_HOST', 'localhost'); DEFINE ('DB_NAME', 'database'); //Make the connection $dbc = @mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) OR die('Could not connect to MySQL: '.mysqli_connect_error()); ?>