I have been looking for a clear answer to this question.
I am familiar with PHP but not completely comfortable yet.
I've built a small site that adds and removes newsletter subscribers (MySQL) on a remote host. I am starting to understand that I need to always check people's input, regardless. And I know that the PHP engine won't output the code to the screen, but should I place my scripts in my server's CGI BIN for security? Is there another place that is better?
Currently I keep DB connect info outside the WWW root as an include and I use .htaccess to restrict indexes and such. Is that enough?
Thanks!
matt