Qbasicnews.com

Full Version: MYSQL Security Stuff
I'm just curious, is it considered unsafe to use the "root" user name for your databases, whether or not you have a separate password for it? Also, if you put your password in your PHP scripts in order to connect to the database, would that make it vulnerable to other people? Is there a way to connect without using your password directly in the file?
As long as you have "localhost" as the only access host (or something like that), only scripts on the server can connect to the database.

And as long as your script doesn't have any security holes, like allowing mysql queries to be executed via the script, I don't see how it matters if you have the pws stored in the php file (you need to have them somewhere, and php files can't have their source viewed), or if you use the root account.
If you run commands on the mysql database as root then it's inherently unsafe. Suppose your script has some SQL injection vulnerability, then your ENTIRE database is at risk, since root can operate anywhere on your database. Instead, I suggest creating a limited user account with privileges which has restricted access to certain tables in your database. In this case, even if your script has a vulnerability, then you will be risking only certain tables and NOT the entire database.
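
The limited account suggested in the last reply, combined with the localhost-only host restriction from the earlier one, as an added example that is not part of the original thread. The database, table and account names (`forum_db`, `posts`, `members`, `forum_app`) and the password placeholder are assumptions.

```sql
-- Added example: schema, account name and password are placeholders.
-- Run once as an administrative user; the PHP scripts never use that login.
CREATE DATABASE IF NOT EXISTS forum_db;
CREATE TABLE IF NOT EXISTS forum_db.posts (
    id        INT AUTO_INCREMENT PRIMARY KEY,
    author_id INT NOT NULL,
    body      TEXT NOT NULL
);
CREATE TABLE IF NOT EXISTS forum_db.members (
    id            INT AUTO_INCREMENT PRIMARY KEY,
    name          VARCHAR(64) NOT NULL,
    password_hash VARCHAR(255) NOT NULL
);

-- Account the PHP scripts connect as. The 'localhost' host part means the
-- server accepts this login only from connections made on the same machine.
CREATE USER 'forum_app'@'localhost' IDENTIFIED BY 'CHANGE_ME_PLACEHOLDER';

-- Table-level grants only: no DELETE, no DROP, no FILE, no access to other
-- schemas. An injected query running as this account is held to these rights.
GRANT SELECT, INSERT, UPDATE ON forum_db.posts TO 'forum_app'@'localhost';

-- Column-level grant: the account can read member names but not the hashes.
GRANT SELECT (id, name) ON forum_db.members TO 'forum_app'@'localhost';

-- Confirm what the account actually holds.
SHOW GRANTS FOR 'forum_app'@'localhost';

-- Audit 1: accounts that can log in from somewhere other than this machine.
SELECT user, host
FROM mysql.user
WHERE host NOT IN ('localhost', '127.0.0.1', '::1');

-- Audit 2: accounts holding server-wide privileges that an application
-- login should not have.
SELECT grantee, privilege_type
FROM information_schema.user_privileges
WHERE privilege_type IN ('FILE', 'SUPER', 'CREATE USER')
ORDER BY grantee;
```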