Best way to do it is by keeping the username and password in a file that is outside of the document root. So the document root would be /usr/local/apache/htdocs/ and the file with the password in is stored in /home/mysql/passfile. That way the web browser cant get access to it but the PHP can.
Mark.
