I have a question about comparing the security risks for two methods of connecting to a database with PHP. The DBMS is MySQL.
Option 1: Include the mysql_connect and mysql_select_db commands within the script that manipulates the data from the database. Option 2: Include the mysql_connect and mysql_select_db commands (along with usernames and passwords) outside the Web tree, but have the script run from within the Web tree. The script would use a command like file() or file_get_contents() to get the information from a text file outside the Web tree. My belief is that Option 2 affords a higher level of security than Option 1, but I wanted to make sure. TIA. Dennis
