Working on a mobile app that needs to use a public API for accessing a database (but this won't affect the question).
Anyway, I am using PHP with MySQL and the Android/iPhone app will make POST requests to the PHP files. I am creating the connection to the database and wanted to create a class to do it. However, I am unsure where to put actual login credentials for the database.
I saw mention of outside the webroot so it's more secure. Should I then create a database class inside /lib that handles the connection and includes the config.inc.php file? Or do you guys recommend something totally different?