On Thu, 2008-07-17 at 10:41 -0400, Daniel Brown wrote: > 9.) NEVER store passwords in a PHP script. Instead, store them in > a file named `inc/config.inc` in the web directory, and include them. Dude! You forgot the most important bit: inc/config.inc: $dbusername="root"; $dbpassword="r00t"; //By combining letters and numbers, this password becomes unhackable It's important to also set your server root password the same as your DB password so that when you hand passwords out to your outsourced developers, secretaries, tea ladies and janitors they can have full access to the system and don't waste your time setting up permissions. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php