If your web gets flooded, it would still flood the game server by trying to access the database remotely.
To create a further layer of protection, I would make a cached middle-layer between the web and the game-server, so you don't access the database too frequently (besides crucial functions like login, create stuff, etc.)
Now since you have a middle layer, you don't have just to leave the 3306 port simply open. You can add further security, by opening the 3306 specifically to the middle-layer IP.
Then, you block the middle layer to be accessible only via the web server. (Maybe Cors)
As a final result:
The website is fully accessible.
The middle layer is only accessible via the website.
The middle layer protects frequent (flood) access to the game server.
3306 port on the game server is only accessible via the middle layer.
Note:
I would open PHPMyAdmin on a different port, and block that port to specific IP addresses. Opening 80 just to access it is not optimal, and opens short periods of vulnerability.