I am setting up a web site in which contact information is stored in a MySQL database from form submission. I am concerned that because the username and password are hard coded into the page to access the database anyone would then have the information neccessary to do whatever they wanted to on my MySQL server. I was wondering if there was a better way than leaving my username and password for the whole world to see or maybe I could create a user with limited priveleges to stop this? Anyone who has a better way of doing this that could help would be much appeciated.