"The program now creates the config.php file and places it in the folder adm_my_files."
Does this mean that the DB credentials remain in an unencrypted publicly accessible file?
Is that safe? Should it not be stored somewhere above the webroot/public_html?