webmom
Posted: Mon Nov 26, 2007 6:12 pm
I have a php/mysql website. What is the best way to secure my database? One recommendation is to store the database connectivity script outside of the web root directory. Can I do that with my linux starter hosting plan?
comprug
Forum Regular
Posted: Mon Nov 26, 2007 11:01 pm
Hello,
you can definitely store the database script outside the web root. Just make sure to include the full path, including the vservers.

Additionally, once you have reached the production stage of your application, I would recommend disabling the output of errors in the control panel. Sometimes, even if you keep the database connection information in a separate file, it can still be displayed if errors are on.

Another thing I would recommend is to replace any >'s or <'s with &gt; and &lt; respectively in user-generated content. If they can get your server to display HTML, then they can potentially not only change around the visual look of the page, but also steal your users' sessions.

Finally, be sure to properly quote any user-inputted text that you use to query the database. Once, a user deleted a whole table of mine by typing DROP * in a text field. I recovered the table, but learned that even if my database is secure, users can use my application to do great damage to the database.
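Added example (written for this page, not code from either poster): one small PHP/MySQL page that applies all four of the recommendations in the post above, with a vulnerable line shown beside its safe replacement. The paths (a `public_html` web root with the credentials file in its parent directory), the `comments` table and its columns, and the DSN are assumptions, not details from the thread.

```php
<?php
// Added example, not from the original thread.
// Assumed layout (hypothetical): this script lives in .../public_html/,
// and the credentials file lives one level up, outside the web root,
// as .../db_config.php. Nothing outside public_html is reachable by URL.
declare(strict_types=1);

// 1. Keep credentials outside the web root and load them by absolute path.
//    __DIR__ is the directory of this script, so dirname(__DIR__) is its
//    parent. On a shared host the real absolute path may be longer; use
//    whatever the host's control panel reports as your account root.
//    db_config.php (outside the web root) would contain only a return
//    statement, e.g.:
//      return ['dsn'  => 'mysql:host=localhost;dbname=site;charset=utf8mb4',
//              'user' => 'site_user', 'pass' => 'hypothetical-password'];
$config = require dirname(__DIR__) . '/db_config.php';

// 2. In production, never display errors to the browser: a failed connect
//    would otherwise print the DSN and user name into the page. Log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// 3. Use prepared statements. The user's text travels separately from the
//    SQL, so something like "DROP TABLE comments" typed into a field is
//    stored as text rather than executed.
function connect(array $config): PDO
{
    return new PDO($config['dsn'], $config['user'], $config['pass'], [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
    ]);
}

function saveComment(PDO $pdo, string $author, string $body): void
{
    // Vulnerable form this replaces (do NOT use): the body is spliced into
    // the SQL string, so a quote in the input changes the query itself.
    //   $pdo->exec("INSERT INTO comments (author, body) VALUES ('$author', '$body')");
    $stmt = $pdo->prepare(
        'INSERT INTO comments (author, body) VALUES (:author, :body)'
    );
    $stmt->execute([':author' => $author, ':body' => $body]);
}

// 4. Escape on output so a stored "<script>" renders as text instead of
//    running in other visitors' browsers, which is how sessions get stolen.
//    htmlspecialchars turns < > & " ' into their entities (&lt; &gt; ...).
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function listComments(PDO $pdo): string
{
    $html = '';
    $rows = $pdo->query('SELECT author, body FROM comments ORDER BY id DESC');
    foreach ($rows as $row) {
        $html .= '<p><b>' . h($row['author']) . '</b>: ' . h($row['body']) . "</p>\n";
    }
    return $html;
}

try {
    $pdo = connect($config);
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        saveComment(
            $pdo,
            (string)($_POST['author'] ?? ''),
            (string)($_POST['body'] ?? '')
        );
    }
    echo listComments($pdo);
} catch (PDOException $e) {
    // Generic message for the visitor; the real error goes to the server log.
    error_log($e->getMessage());
    http_response_code(500);
    echo 'Sorry, something went wrong.';
}
```

A quick check that the credentials file is really outside the web root: request it by URL (for the assumed layout, `https://example.invalid/../db_config.php` normalises to the web root, so the file simply is not there) and confirm the server answers 404 rather than serving or executing it. To confirm error display is off, temporarily break the DSN and verify that only the generic message reaches the browser while the detail appears in the error log.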
webmom
Posted: Tue Nov 27, 2007 1:11 pm
Thank you for the advice. Host My Site should be able to direct me on how to place this file outside the web root.