I'd recommend being careful about compiling the login information for MySQL into the code. It may be paranoia, but I always feel that anything that goes into the code can be retrieved from the code. Since the user you're using has to have rights to update your account table, it's something you really want to protect.
The way I've seen a lot of them done is that they interface with a back end (other than MySQL) that does the database authentication for them. That way any code authenticating to the back end is client side...but if it's compromised all you have access to is what a user would have access to, rather than what a DB writer would have access to.
If you're not good at client/server programming (I'm sure not), the way that I did mine was using a backend web interface that the user authenticates to. It's just a bunch of PHP pages that return error/success codes. Not to say that's the best way to do it, client/server apps are much more elegant...but it works with little effort.
|