Reread your question, and with regard to the mysql part of it, you can
place the db connection information in a separate file. Make sure you
validate/sanitize any input given by the user - use
mysql_real_escape_string along with your other input cleansing
functions.