IOS app - any service (I guess it's an API) - mysql (db server)

Thanks for the awenser! Actually I've found this way to connect to a db using server-side PHP, but I don't actually know a lot about it and I thought having my db username and password at a PHP file in my server wasn't safe. Could anyone access this PHP file and would it have the db username and password in it? Or is there a way to make it safe? Thank you!!

Because PHP is server side code, whoever accesses it only sees what the PHP file returns to them. This means that 'view source' or the like will not show any PHP code which keeps your details safe.

What I have done in my iOS code to make it a little more secure is add a header to my post:

NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:@"http://yourWebService.php"];
[request setValue:@"insert a unique API key here" forHTTPHeaderField:@"myAwesomeApp"];

Then in PHP, you can check if this header exists. This will stop anyone random who has grabbed your PHP url and means it's either coming from your app or someone has gone to the effort of decompiling your app to get the key. It's not massively secure but does make it a little more of a pain for them.

$authorised = false;

foreach (getallheaders() as $name => $value) {
    if ($name == "myAwesomeApp") {
        if ($value == "87hq349fn98ehpvmq34gpn9w8k90dfg3")
            $authorised = true;
    }
}

// I also had to add this, to be able to get the headers...
if(!function_exists('getallnewheaders')) {
    function getallheaders() {
        foreach($_SERVER as $name => $value) {
            if(substr($name, 0, 5) == 'HTTP_') {
                $headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
            }
        }
        return $headers;
    }
}

Sorry, realised this turned into a massive comment.. :)

Thank you!! Now I'll start building this ios-php-db system :D. If I have some kind of issue with it, I'll let you know :P. Thank you for your attention!!