I am using include 'include/dbinc.php'; for my database name/password.
is this secure?where can I put this file to make it secure from hackers?thank you
"Secure" can be a relative term.
Your solution is OK if the information is stored as PHP as opposed to text which would be visible to anyone. This is "secure" as long as your PHP interpreter never fails.
The best solution is to store all files except for what is absolutely necessary outside of your public document root.
In most cases using a front controller pattern, the only file that has to be stored in the public root is a single index.php file.
Brad Hanson, Web Applications & Scalability Specialist
► Is your website outgrowing its current hosting solution?
► PM me for a FREE scalability consult!
► USA Based: Available by Phone, Skype, AIM, and E-mail.