Most forms of encryption allow decryption with a private key that you can keep separately so as to improve security. So the key may be in your .php pages and the encrypted data in your database. If they just get your database, then they wouldn't be readable, but obviously if they got a hold of the key and knew the type of encryption it would.
I'm not an encryption expert, so I don't regularly read or stay up to date with what is the accepted best option. I think rijndael AES-256 is a pretty common and accepted secure option.