Just a quick question to do with PHP/MySQL (more will probably follow as I am a n00b when it comes to web programming): what is the standard method used when dealing with a MySQL password? I followed the tutorial from W3Schools about how to connect to a MySQL database using php blah blah. They say something like this: If you put this in whatever page you want to connect to the database then the username and password are visible to all if they view the source, i was thinking of having a file on the servers hard drive (but not uploaded) and read the username and password via that? Good idea or not? How do most websites beat this?