I'm an iPhone developer, and I've just started out with PHP & mysql (making websites for others, and web services for my apps).
Whenever I hardcoded my username and password into a PHP file to connect to the database I felt a bit odd. Example:
    $con = mysql_connect('localhost:8888','root','password');
For scripts that are going to be redistributed it would be better to group these together and either have them as constants or variables.
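    <?php
    // config.php: all connection settings in one place
    define('DBHOST', 'localhost');
    define('DBPORT', '8080');
    define('DBNAME', 'my_db_name');
    define('DBUSER', 'root');
    define('DBPASS', 'password');

    <?php
    // Any script that needs the database pulls the settings in from config.php
    include('config.php');
    $con = mysql_connect(DBHOST . ':' . DBPORT, DBUSER, DBPASS);
    mysql_select_db(DBNAME, $con);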
Doing this will make it easier for someone to make changes in the future instead of having to trawl through code to find where any connections are made etc.
For slightly better security the config.php script could be placed outside of the doc root so that it cannot be called directly.
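The out-of-doc-root placement suggested above can be enforced in code. This is an added example, not code from the original answer: it uses mysqli rather than mysql_connect (the mysql_* functions were removed in PHP 7), and the function name load_db_config and the directory layout in the comments are assumptions. The permission check assumes a Unix-like host.

```php
<?php
/**
 * Load config.php only if it sits outside the web root and is not
 * readable by every local user. (Hypothetical helper for illustration.)
 */
function load_db_config(string $configPath, string $docRoot): void
{
    $config = realpath($configPath);
    $root   = realpath($docRoot);
    if ($config === false || $root === false) {
        throw new RuntimeException('Config file or document root not found');
    }

    // Refuse a config file that the web server could serve directly.
    $rootPrefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($config, $rootPrefix, strlen($rootPrefix)) === 0) {
        throw new RuntimeException('config.php must be outside the document root');
    }

    // Refuse a file with the "other: read" mode bit set (0004).
    if ((fileperms($config) & 0004) !== 0) {
        throw new RuntimeException('config.php is world-readable; use chmod 640 or stricter');
    }

    require_once $config; // defines DBHOST, DBPORT, DBNAME, DBUSER, DBPASS
}

// Assumed layout: /var/www/example/config.php  (not served)
//                 /var/www/example/public/index.php  (this script, in the doc root)
load_db_config(dirname(__DIR__) . '/config.php', $_SERVER['DOCUMENT_ROOT'] ?? __DIR__);

// Raise exceptions on failure instead of warnings that can leak connection details.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
try {
    $con = new mysqli(DBHOST, DBUSER, DBPASS, DBNAME, (int) DBPORT);
} catch (mysqli_sql_exception $e) {
    error_log('DB connection failed: ' . $e->getMessage()); // details stay in the server log
    http_response_code(500);
    exit('Service temporarily unavailable');
}
```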