Welcome to WebmasterWorld Guest from 126.96.36.199
One major thing I have heard is that it is bad to have the MySQL connection details in the same folder as the website. I have a file called conz.php with password, user name details etc which I include in every page.
As I'd expect if I view the source of any of the resultant pages I don't see this info. Is there a way that someone can see this info?
Also I heard that if someone includes my webpages in theirs they can wreak havoc with my database. Wouldn't they need to know my table names etc to do that?
usually simple include will not work, as it will include already parsed file,
What you could additionally do is put the include file to another folder, and with .htaccess further restrict access to it.
but the pages are not there, only main folder.
it will not ask for password