How do I make my database connection secure?

Question

I\'m currently working on a website for my church\'s college group, and am started to get a little worried about the security of what I\'m writing. For instance, I use this

Answer 1

There are precautions you can take. Create a mySQL user that is specific to what your application needs to be able to do. This can limit the amount of damage an attacker can do if he's compromised your username and password. For instance, allow the user to insert, update, select etc, but NOT drop, etc. Further, as cletus mentioned, the database should not be accessible to the outside. On shared hosting environment, this usually means the db can only be connected to from your www server or localhost.

Re: kalpaitch, don't pass your password around in some reversible hash. People should never see your source.