Normally you'd not need to protect such a PHP file, as it would only contain constants / functions, therefore if the user requested it, it would be executed, which would not do anything (The user would NOT see the database login details).
However, I typically DO do this - my "include" directory contains a .htaccess with the following contents:
Deny From All
Which blocks all access.
This further guards against configuration errors, backup files, mistakes etc, which might result in the contents being readable.
As a third and final protection, you will probably want to configure your database server and/or firewall such that even IF a malicious user gets the database log in details, they can't connect anyway.
Mark
