best security practices for PHP/SQL


phloam
11-19-2006, 11:17 AM
Hi,
I'm not that savvy with SQL yet - learning as I go...

The way I'm setting things up is this - Flash provides the hostURL (of the database), the login, password, database name, table name, etc...pretty much everything. I have the feeling it might be safer that way, but then...I know nothing. It'd be great if someone can explain the best way to do it, or what the different risks might be in different setups.

I'm pretty sure I can figure how to do everything I need to do with the DB one way or another, but it's really vital that it's difficult to hack.

Thanks for any help,
a.p.

jsebrech
11-20-2006, 09:59 AM
First of all, send nothing to your client that the client shouldn't know, and trust nothing that the client submits to the server. The database login/password is a classic example of something the web client has no business knowing. Secondly, the following site provides a good overview of all security gotchas related to PHP, and how to work around them:
http://www.securephpwiki.com/index.php/Main_Page
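
The two rules in the reply above, as an added PHP sketch that is not part of the original thread: the database connection details live only on the server, and the Flash client sends nothing but an action name and parameters, which the server validates before binding them into fixed queries. The `scores` table, the action names, the `DB_DSN`/`DB_USER`/`DB_PASS` environment variables and the sample requests are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Credentials stay server-side (env vars, assumed names); SQLite fallback is only for the offline demo.
function connect(): PDO
{
    return new PDO(getenv('DB_DSN') ?: 'sqlite::memory:',
        getenv('DB_USER') ?: null, getenv('DB_PASS') ?: null,
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
}

// The client picks an action name; table names and SQL text are fixed server-side.
const QUERIES = [
    'top_scores'   => 'SELECT player, score FROM scores ORDER BY score DESC LIMIT :n',
    'player_score' => 'SELECT player, score FROM scores WHERE player = :player',
];

function handle(PDO $pdo, array $request): array
{
    $action = $request['action'] ?? '';
    if (!is_string($action) || !array_key_exists($action, QUERIES)) {
        return ['status' => 400, 'error' => 'unknown action'];
    }
    $stmt = $pdo->prepare(QUERIES[$action]);
    if ($action === 'top_scores') {
        $n = filter_var($request['n'] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => 50]]);
        if ($n === false) {
            return ['status' => 400, 'error' => 'bad n'];
        }
        $stmt->bindValue(':n', $n, PDO::PARAM_INT);
    } else {
        $player = $request['player'] ?? '';
        if (!is_string($player) || preg_match('/^[A-Za-z0-9_]{1,32}\z/', $player) !== 1) {
            return ['status' => 400, 'error' => 'bad player'];
        }
        $stmt->bindValue(':player', $player, PDO::PARAM_STR); // bound as data, never concatenated
    }
    $stmt->execute();
    return ['status' => 200, 'rows' => $stmt->fetchAll(PDO::FETCH_ASSOC)];
}

// Constructed demo; a real endpoint would call handle(connect(), $_POST).
$pdo = connect();
$pdo->exec('CREATE TABLE scores (player TEXT, score INTEGER)');
$pdo->exec("INSERT INTO scores VALUES ('ada', 90), ('bob', 70)");
foreach ([['action' => 'top_scores', 'n' => '1'],
          ['action' => 'player_score', 'player' => "x' OR '1'='1"],
          ['action' => 'scores; DROP TABLE scores']] as $req) {
    echo json_encode(handle($pdo, $req)), PHP_EOL;
}
```

Only the first constructed request returns rows; the other two are rejected with a 400 before any SQL runs, because the player value fails the pattern check and the third action is not in the fixed list.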

phloam
11-22-2006, 01:00 PM
Thanks for that link and for the info. Exactly what I needed.

Cheers,
a.p.