I am concerned that passing my DB Connection string from file to file is a security risk...

The actual DB Connection string is located in mysqli_connect.php...
PHP Code:
    // Make the connection.
$dbc = @mysqli_connect(DB_HOSTDB_USERDB_PASSWORDDB_NAME)
                OR die(
'Could not connect to database.  Contact System Administrator.'); 

Here is where I fear that I am doing something insecure...

In profile.php script, I include this DB connection like this...
PHP Code:
        // Connect to the database.
require_once(WEB_ROOT 'private/mysqli_connect.php'); 
And then farther down in that same script I call this function...
PHP Code:
            // Get # of Posts.
$numberOfPosts getNumberOfPosts($dbc$id); 

The problem - as I found out last night - is that I can't require the DB Connection from inside my Function, so it looks like I have to pass it as an argument to my Function as seen above.

I am concerned that I am passing my Database's Username and Password for all to see in plain sight by doing this?!

I need some serious help/advice here!!