i've been reading up a bit on code injection, and it has raised an important question. Do i need 2 seperate accounts for my mysql database? one for me to use to update it, and another for the website to use which only has the ability to read the content but not to write to the database. if this is so, does anyone know of a webhost which provides mysql and also allows more than one 'user' for the database, as my current host only allows one account. thank you karl
You only need two myswl users really if you have a dedicated server or one that you control. the idea is to NOT use the root account for mysql and instead create a user called mysql or whatever that has only the minimum permissions needed for mysql administration. As you are on shared hosting I imagine? your host will probably have already setup your mysql user with only minimum required permissions....
99% of the time you'll be updating your db through some sort of web based UI. So if this is the case for you, you won't need another user.
so there is no particular risk of having the username/password which allow read/write access to my database in my php scripts? i would have thought it would have been better to only allow the user permission to read the content.