I've read or heard somewhere that having a PHP file that contains your database connection strings in your root directory is not a good idea. Is this true and if so, where do I move these PHP includes?
it is true but there are a few issues with some host. If you you do not have access above the www folder then you should create another directory and place the config in the and change the name of it. Make sure it doesn't have a typical name like config.inc.php etc. If you have access above the www. folder then stick it there and you will have to access it from an absolute path.
