This is actually not a Flex issue, but one of php. There is nothing Flex can do to prevent a publicly-accessible php page from running when accessed via a browser.
You will need to find a way for your php scripts to authenticate that the user and/or your flex app are authorized to view the information. How you go about this depends on how your flex app and your php scripts work.
Thanks for your reply. Well basically my php scripts are the simple default ones that are generated when using the Flex 3 Builder wizard to connecting to a database with php. I'm not a php guru but I'm trying to learn. So if you are familiar with the "canned" scripts that get created during the Wizard process then that's exactly what I have to work with. I've been told that a 'sessionID' is the way to go, however I don't know how to implement that in my Flex app. If I had a code example of how to create one (via a cookie or something) upon a successful login I could try a few things.
Sorry, I've never used the wizard-generated scripts (but I can imagine what they contain).
If you're talking about php sessions - they in themselves will not provide the solution you are looking for. Your php scripts will still need to authenticate the request, after which you'd create / manage the session.
You say your users must log-in, so clearly you are authenticating them. You can then pass some credentials (authorization code, etc) along with the request that your php scripts can validate. You need to be aware tha the credentials will be passed as plain text (either GET or POST), so build in the security you deem appropriate.
Like I said, there's no Flex-only solution.
One thing you could do is instead of using the generated PHP file create your own php files to interact with database. You will find loads of them on web.
Make sure you are not using any exho or print statement in the php file.
Other thing is if you can find which system generated PHp file is echoing the output then you can just comment those lines and it would work.