When writing out the connect code to the database isn't it wide open for anyone to view my database username and password? Couldn't they then connect and alter my database? It just seems strange to type out my username and password and not be encrypted.
mysql_connect(localhost, user1, correcthorsebatterystaple)
I know the source isn't viewable when you right-click view source. But if someone created a quick html page with ahref=mywebsite.com/connect_file.php then they right click and download that they can view my PHP code along with my username and passowrd, right?
PHP is executed on the server and outputs HTML to the client. So the client can never view the PHP source. So you don't have to worry about you passwords safety in those files