Security Issues with PHP SSI


wfernley

5:30 pm on Jan 12, 2004 (gmt 0)




I was wondering if there are any security issues I should know about with using PHP Server Side Includes.

Wes

seomike2003

6:06 pm on Jan 12, 2004 (gmt 0)



That's kind of broad. What are you trying to do?

wfernley

7:13 pm on Jan 12, 2004 (gmt 0)




Well, I'm making an E-Commerce site, and I am using includes with PHP so it will be easier to update. I just got a feeling I should ask if there are any security issues with using PHP. Like I use an include so every page will look to a file called connections.php where it connects to the DB. That page has my username and password and server. Should I be using any techniques so they can't find that file?

Does that make sense? I'm new to E-Commerce and PHP.

Timotheos

7:20 pm on Jan 12, 2004 (gmt 0)




Some interesting reading in this thread [webmasterworld.com]

wfernley

7:34 pm on Jan 12, 2004 (gmt 0)




Thanks :)

I will look over that tonight.

Wes

ReliableSol

2:45 am on Jan 17, 2004 (gmt 0)




Since the referred thread is so old and closed, I will add a comment here.
If you really do want to use a variable with include, e.g. include($a); then one way to protect that variable is to validate the contents of the variable with either preg_match() or ereg().

Regular expressions can be a pain to learn, but very powerful once you have them under your belt.
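So you use something like:

    // ereg() was removed in PHP 7; preg_match('/^[A-Z0-9_]+$/D', $a) is the equivalent there.
    // The pattern is quoted and anchored at both ends, so the whole value must match.
    if (ereg('^[A-Z0-9_]+$', $a)) {
        include($a);
    } else {
        // collect data on the hacker for reporting
    }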

The ereg line only allows for alpha, numeric and underscore, so no 'http://' or '?' or '='.
Using this you can pass a page or menu variable from page to page and not get caught by a hacker.
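
A stricter form of the check from the last post, as an added example that is not part of the thread: the name is matched against a pattern anchored at both ends (with preg_match(), since ereg() was removed in PHP 7), the .php extension is appended by the script, and the resolved file must sit inside one directory. The resolve_page() function, the temporary pages directory and the sample values are assumptions made up for the illustration.

```php
<?php
// Added example, not code from the thread. The pages directory and the
// page names used here are hypothetical.

// Return the file to include for a requested page name, or null to reject.
function resolve_page(string $name, string $baseDir): ?string
{
    // Anchored at both ends; /D stops "$" matching before a trailing newline.
    if (preg_match('/^[A-Za-z0-9_]+$/D', $name) !== 1) {
        return null;
    }
    $base = realpath($baseDir);
    // The extension is appended here, never taken from the request.
    $path = realpath($baseDir . '/' . $name . '.php');
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    // The resolved file must sit inside the base directory.
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary directory holding one page.
$dir = sys_get_temp_dir() . '/pages_' . uniqid();
mkdir($dir);
file_put_contents($dir . '/menu.php', "<?php echo \"menu page\\n\";");

// Constructed sample values; only the first one names an existing page.
$samples = ['menu', 'missing', 'http://example.invalid/x', 'menu?x=1', "menu\n", ''];
foreach ($samples as $a) {
    $file = resolve_page($a, $dir);
    if ($file !== null) {
        include $file;
    } else {
        // Log the rejected value for later review; json_encode escapes
        // control characters so the value cannot forge log lines.
        error_log('rejected include name: ' . json_encode($a));
    }
}

unlink($dir . '/menu.php');
rmdir($dir);
```

Run from the command line, this prints "menu page" once and writes five "rejected include name" lines to the error log.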