My web server doesn't support uploading .htaccess file. Is it ok if my database login information is present in my php file that I use for database connection? How can I prevent anyone from getting access to my database login information?

Usually, it is not a problem as long as the file is something like config.php - and you don't echo it out in plaintext. One important note is to ensure that error messages are turned off what you are running the application live. Sometimes a lot of info can be deduced from error messages.

Usually, it is safe enough to place your password in a php file. However, for additional security, you should place it outside of your public_html folder.

I don't understand the instructions on this....

http://tools.dynamicdrive.com/password/

Is there an easier way? I noticed borris83 mentioned PHP. Can you link me to something easier or the way borris did it?

Thanks.

AFAIK, htaccess protection is the type when you enter a website, the web browser (not the web page) pops up a dialog box to ask you to enter your password and user-name.

You just have to type in the name and password, and upload the .htaccess file to the directory that you want to protect. (or edit the existing one, because you may have some directives in the existing .htaccess and you don't want to over-write).

IMHO, if you web-host gives you cpanel, it's better to use that to play with user protections.

You really should store any sensitive information outside the document root. Unfortunately some web hosts don't provide access to directories above the document root. And I guess some don't allow the use of .htaccess files.

If you are not dealing with any sensitive information, do whatever. If you are, you should switch web hosts.