If my scripts via codes are somewhat special as in exclusive to and for me only, I would MD5 my passwords(text boxes if any) and encrpt it with mad dog. But thats be.

They're for the whole thing. I thought about using a hash that's so long it'd be difficult for a human to copy, but that still doesn't prevent machine copying.

Try this. You can always use a file that is stored outside to the Web site tree on your server. The file can contain the entire command to open the database, including the database name and password. You then include that file in your Web script using the server path (not the Web site path). Files stored outsite of the Web site tree are not accessible via the Internet.

Heres an example of a call to a file above the Web site tree on a server:

require_once ('/home/mysiteaccountname/temp/DB01.php');


Here is what is in DB01.php:

mysql_select_db('myDatabse', mysql_connect('localhost','myUserName','myPassword')) or die(mysql_error() );

Files that are stored outside of the Web space cannot be read from the Internet, but they can be read from a script within the site's Web space. This means your PHP program can read it, but someone using your site should not be able to get to it. All the important info about your database is out of the reach of the bad guys.

If you want to add an additional level of security, them encrypt the password as well.

Can you please try the following or something like this?


OR


In both the occasions, one has to put this file outside the web root.

Thanks.