Is it secure to use a PHP file with connection parameters, and include that file to the page?
example:
include("connect.php");
connect.php:
$con=mysqli_connect('localhost','root','','database')
or
die(mysqli_connect_error($con)."- In line: ".__LINE__);
mysqli_set_charset($con,'utf8');
Yes, because the include is happening server-side. You should look up some information about server-side programming and client-side programming!
Also MySQL functions are officially deprecated and MySQLi or PDO should be used instead!!!
Yes, this is fine though it might be better if you used require() so that if for whatever reason including the connect info fails, the code execution stops. include() will continue to execute the script even if the command did not succeed, which can cause error information and/or information only required if a connection is successful to be exposed (not generally recommended).
For even more security, you can move the connection info file out of the public web root (e.g. if web root is /home/data/files then moving it to /home/data then including /home/data/connect.php or ../connect.php - if your web host allows this). This will mean it cannot be accessed via HTTP.
