I need to connect to a MySQL database from a java Desktop application. The way I was planning on doing this, was using HTTP to open a php page on my website, that PHP script will handle all the mysql stuff so my MySQL user/pass is not accessable to the client at all. so, my question is, would SSL be required? and also, how could I prevent people from taking the URL to the PHP script and using their web browser to mess things up on the database?
Why wouldn't you just use MySQL user authentication with SSL? Writing your own bridge sounds like it would only cause problems and expose more security holes than you'd otherwise have.
This should probably be on the security site, but anyway.
If you don't want everything you send to the database to be visible to the world, use SSL.
Force the client to authenticate to your server side script before making any changes to the database if you don't want anyone in the world making changes.
Make sure that SQL injection is prevented.
so, my question is, would SSL be required?
SSL helps provide a layer of security, through encryption, which keeps people from hijacking the connection and intercepting what you send (for more information, see: Firesheep). Therefore, while not required, per se, it is recommended. If you have control over the Java app, and depending on your purposes (namely, an in-house application), then you can use a self-signed certificate and package the cert with the app for verification purposes (see: this SO question for more info on self-signed vs CA SSL certs).
how could I prevent people from taking the URL to the PHP script and using their web browser to mess things up on the database?
As with other Information Security things, nothing is 100% guaranteed, but the most common way to do this would be via an API key, especially since what you're describing is an API.
If you're looking for a quick-and-dirty setup, then you can use HTTP Basic Authentication to send some credentials, and use SSL to secure it. For a more robust solution, you'll probably want to look into HTTP Digest Authentication and/or OAuth. What you use will also depend on your specific needs.
You can then code the API key into the Java app, or create a way of generating and requesting API keys (again, depends on your specific purposes and needs), and the client sends the API key with the request. If the key doesn't match what you have "on file", then you deny the request.
A quick note on using an API vs connecting to MySQL directly
A couple of people brought up connecting to MySQL directly. I think this is a valid option, but will depend largely on what you're doing and who you're distributing to (and, for that matter, whether you want to open that database to other clients).
If you have plans to have other clients (such as mobile devices) connecting to this database, or if you don't have control of the database for whatever reason (ie - your hosting setup won't allow you to make remote access available), then it might prove useful in the long run to build an API.
However, if you have no such plans, or do have full control of the database, and you control the source code of the Java application, then directly connecting to the MySQL database is a valid option. Just make sure you follow the principle of least access - the Java application gets a dedicated MySQL user that only has the permissions that are absolutely necessary - and the Java application user has a strong password (and since no humans are involved in this process after you code it, you can use a password generator to create something long and convoluted and completely random).