Well, if you're determined to hand-update your database by forcing yourself to manually type your db's ID and password each time, then by all means write to a delimited file first. However, that solution isn't typical; there are a number of ways to secure a database password in a CGI environment, the most common approach being putting the ID and password into a file that is outside of your web server's root directory, setting the appropriate permissions to limit access, and then 'INCLUDE'-ing or "USE"-ing the file into your CGI. It all depends on your level of paranoia.