Unity to PHP/MySQL: password and username security

Hello everyone!, Im making a connection between a Unity webplayer and a PHP/MySQL database.

Where should i place my database info such as the password and username(the ones that you need to log-in into a database)?

Should i put it directly into my PHP script? what if someone found out the URL, is it possible for them to sneak into the PHP codes?.

or I should put the info in the Webplayer Build as a public variable(enter the value through Inspector)?

If you put it in the php code, it doesn't leave the server.

Use the `mysql_connect("localhost", username, password);` command to create a connection to your database in a php script. I use a seperate connect.php file, which you can then include in any php script that needs to connect to the database.

Putting the database connection info in the webplayer or stand-alone would be a very bad idea. This would mean that you have to transfer that information from the clients machine to the webserver. Anyone using your build and anyone able to intercept the connection would be able to sniff out your database login.