The normal way of doing that is to include() the php code that contains the connection information. For added security, place that php code in a directory that is not accessable from the web. This also means that all the connection information is centrally located, making changes a simple matter of changing one file.
Also, unless the server screws up, any php file is not directly available from the web. It should always be parsed by the server, so the username and password are hidden anyway.