What are the potential pitfalls of using include statements in PHP to load files into a table?

One potential pitfall of using include statements in PHP to load files into a table is the risk of exposing sensitive information if the included file contains database credentials or other confidential data. To mitigate this risk, it's important to store sensitive information in a separate configuration file outside of the web root directory and include it using a filepath that is not directly accessible from the web.

// config.php file outside of web root directory
<?php
$db_host = 'localhost';
$db_user = 'username';
$db_pass = 'password';
$db_name = 'database';
?>

// index.php file in web root directory
<?php
include('../config.php');

// Use the included variables to establish a database connection and display data in a table
$conn = new mysqli($db_host, $db_user, $db_pass, $db_name);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$sql = "SELECT * FROM table_name";
$result = $conn->query($sql);

echo "<table>";
while($row = $result->fetch_assoc()) {
    echo "<tr><td>" . $row['column1'] . "</td><td>" . $row['column2'] . "</td></tr>";
}
echo "</table>";

$conn->close();
?>