If you're using PHP, then I don't think you have much choice but to place your MySQL connection script inside your httpdocs folder somewhere. However, if you're using PHP-FCGI then you can set the permissions on this file to 0400 to prevent anyone else from accessing it. This is the most secure approach.
Alternatively, if you're using mod_php then your PHP files have to be readable by Apache. You can create a file owned by Apache with permissions set to 0400 by using a combination of PHP's fwrite() and chmod() functions. If you like, you can also move the login details to your .htaccess file by declaring them as environment variables, e.g.:
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum