php android mysql encryption aes

Mysql data encryption


I have a mobile app that sends data to the MySQL database using PHP. I want to use the AES_ENCRYPT function in the PHP file to encrypt my data at the MySQL server. I do not have much experience in data encryption.

Will this method protect my data? If not, what other methods can I use to secure my data?

I read a tutorial saying the key will be stored in the PHP file. Is this method secure, and is there any way I can protect my key from being hacked?


Solution

  • This question ultimately leads back to key management - the key has to be stored somewhere. Where you store the key depends on the amount of security required.

    In your scenario (you mention university), I would argue that storing the key on your PHP server (not the database server) would be "enough".

    Protection of the key then comes back to how well protected that PHP server is.

    I recommend you do your encryption in your PHP code, not using AES_ENCRYPT - this prevents the database server ever knowing what the key is and means that a breach of the database server will not expose any information.

    You may also be interested in this repository that demonstrates how to securely encrypt and decrypt data in PHP.
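
The approach recommended in the answer, encrypting in PHP so the database only ever stores ciphertext, shown as an added example that is not part of the original answer. It assumes PHP 8 with the OpenSSL extension; the function names and the `APP_DATA_KEY` environment variable are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: APP_DATA_KEY is an assumed environment variable holding
// a base64-encoded 32-byte key that exists only on the PHP server.
function loadKey(): string
{
    $key = base64_decode((string) getenv('APP_DATA_KEY'), true);
    if ($key === false || strlen($key) !== 32) {
        throw new RuntimeException('APP_DATA_KEY must be 32 bytes, base64-encoded');
    }
    return $key;
}

// AES-256-GCM with a fresh random 12-byte nonce per value.
// Stored format: base64(nonce || tag || ciphertext).
function encryptField(string $plaintext, string $key): string
{
    $nonce = random_bytes(12);
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, '', 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

function decryptField(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {
        throw new RuntimeException('malformed ciphertext');
    }
    $nonce = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct = substr($raw, 28);
    // GCM verifies the tag, so a wrong key or modified row fails here.
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($pt === false) {
        throw new RuntimeException('decryption failed: wrong key or tampered data');
    }
    return $pt;
}

// Constructed demo: a throwaway key stands in for loadKey().
$key = random_bytes(32);
$stored = encryptField('constructed sample value', $key); // bind this into a prepared INSERT
echo decryptField($stored, $key), PHP_EOL;
```

Only `$stored` is sent to MySQL, so the key never appears in SQL statements, query logs or database backups.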