Gudeve,

Can you recommend me a directory in my web server where I should put sensitive files? My htdocs is arranged like this:

XAMPP/htdocs/NewsFeed

The NewsFeed directory has index.php. The index.php file's function is to connect to a database. Now, should I put the database file inside htdocs? Will it be safe?

+1  A: 

I am guessing you are using a SQLite database. I do not think putting it in htdocs is safe, unless you safeguard it (maybe with .htaccess / chmod) in such a way that the database cannot be accessed by others/world.

Alan Haggai Alavi
+1  A: 

The database and database connection details (login, password, etc.) should be kept outside the htdocs directory.

For editing purposes only you can obfuscate the password, have a look at this post: Don’t let them see your MySQL password

Raf
I don't see how the advice in that article will help Keira Nighly. ...did I miss something?
42
I don't see a reason for downvoting when, next to a direct answer, there is information on a very similar subject.
Raf
+2  A: 

If you have a chance to keep it outside, then I suggest you keep it outside. If it is protected, a vulnerability may be exploited even at a later time, causing some intrusions. So please try to keep it "away".

Chathuranga Chandrasekara
+1  A: 

Don't put a database file anywhere it can be web accessible. One should not be able to download your database over HTTP, and if it's web accessible, anyone will be able to do this.

This ought not be confused with connecting to your database. That's something your script will do.

Place the database in some server directory that is only accessible locally (to the webserver), by your script, i.e. XAMPP/db

chadl
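
The layout the answers describe, sketched as an added example that is not part of the original thread: index.php stays in XAMPP/htdocs/NewsFeed, the database file lives in XAMPP/db, and the script refuses to run if the configured path ever resolves back inside htdocs. Assumptions: the database is SQLite (as the first answer guesses), the file name `newsfeed.sqlite` and the helper `isInsideDocRoot()` are hypothetical, and the `pdo_sqlite` extension is enabled.

```php
<?php
// Added example (not from the thread): XAMPP/htdocs/NewsFeed/index.php
// opening a SQLite file kept in XAMPP/db, outside the document root.
declare(strict_types=1);

/**
 * Return true when $path resolves to a location inside $docRoot.
 * realpath() collapses ".." segments and symlinks in the configured path,
 * so "htdocs/../htdocs/NewsFeed/x.sqlite" is still recognised as inside.
 * isInsideDocRoot() is a hypothetical helper name.
 */
function isInsideDocRoot(string $path, string $docRoot): bool
{
    $realPath = realpath($path);
    $realRoot = realpath($docRoot);
    if ($realPath === false || $realRoot === false) {
        throw new RuntimeException('Path does not exist: ' . $path);
    }
    // Compare with a trailing separator so "htdocs-backup" does not match "htdocs".
    $realRoot = rtrim($realRoot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $candidate = $realPath . DIRECTORY_SEPARATOR;
    // Windows file systems are case-insensitive; compare accordingly.
    $cmp = PHP_OS_FAMILY === 'Windows' ? 'strncasecmp' : 'strncmp';
    return $cmp($candidate, $realRoot, strlen($realRoot)) === 0;
}

// __DIR__ is XAMPP/htdocs/NewsFeed.
$docRoot = dirname(__DIR__);                               // XAMPP/htdocs
$dbFile  = dirname(__DIR__, 2) . '/db/newsfeed.sqlite';    // assumed file name

try {
    if (isInsideDocRoot($dbFile, $docRoot)) {
        throw new RuntimeException('Database file is inside the document root');
    }
    $pdo = new PDO('sqlite:' . $dbFile);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (Throwable $e) {
    // Fail closed: log the detail server-side, show nothing useful to the client.
    error_log('NewsFeed DB setup failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Configuration error.');
}

// $pdo is now ready for prepared statements.
```

The same placement applies to a file holding MySQL credentials: keep it beside the database directory and `require` it by filesystem path, so it is never served over HTTP.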