mysql passwords Connecting to MySQL with PHP

Question

In tutrorials for Connecting to MySQL with PHP you see something similar to the below.

$pdo = new PDO(\'mysql:host=localhost;dbname=mydb\', \'myuser\',\'mypassw         


        

Answer 1

There really is no way around it. Just put that line in a mysql_connect.php file and include() it, so it's not on your source pages.

This way, even if someone is looking at your source, the password won't be immediately available.

Make sure your database permissions only allow that user certain privileges on the database, so even if the password is compromised, they only can modify things in that one database.