How to safely store a password inside PHP code?

Question

How can I have a password inside PHP code and guarantee that no one viewing the page in the browser can retrieve it?

Is:

Answer 1

Your PHP code will (baring configuration errors) be processed on the server. Nothing inside the ; blocks will ever be visible on the browser. You should ensure that your deployment server will not show syntax errors to the client - i.e. the error reporting is set to something not including E_PARSE, lest a hasty edit of live code (admit it, we all do them :) leak some information.

Edit: The point about storing them in a file outside the document root to avoid exposure if your PHP configuration breaks is certainly valid. When I used PHP, I kept a config.inc file outside of htdocs that was required at runtime, and exported configuration specific variables (i.e. passwords).