Welcome to WebmasterWorld Guest from 220.127.116.11
One major thing I have heard is that it is bad to have the MySQL connection details in the same folder as the website. I have a file called conz.php with password, user name details etc which I include in every page.
As I'd expect if I view the source of any of the resultant pages I don't see this info. Is there a way that someone can see this info?
Also I heard that if someone includes my webpages in theirs they can wreak havoc with my database. Wouldn't they need to know my table names etc to do that?