you would use localhost as the host name.
you’d use CPANEL and then Databases (I think it is marked that way). you’d then create a database and then you’d create a user and password for that user and privileges for that user. you’d then assign that user to the database.
you can then use the user/password combo with localhost or 127.0.0.1 as the host name in your scripts.
guelphdad was saying that in PHPMyAdmin or in CPanel (depending on the way your host sets up the database management) you should be able to created database users where you will create users with usernames and passwords as well as assign database permission for each user.
You are advised to create a user that has only the minimum amount of permissions that your application needs. You will then use this user for the Database user and associated Database password with the local host being 127.0.0.1.
If on your local machine you create the same user as on your host and they both have the same permissions then when you code locally you can simply copy the PHP and upload content to MySql on your host and it will work. As it stands right now you will have to change all your local database connection strings with username and password before you upload them to your host (or edit the database connection strings through the file manager is CPanel).
Running as root is considered bad practice in Linux as it means if anyone ever hacks the Linux server has full unabashed rights to do all sorts of dangerous stuff, also full root does not challenge when permissions or rights are changed. In Linux (which is most likely the type of O.S. running on your free host) a user normally uses ‘sudo’ to perform admin functions - in other words they temporarily take admin capabilities for the specific task being performed, but if someone hacks their user then it is typically not as dangerous as root.
The Linux operating system has users and rights which are not related to MySql users and permission. For example a Root Linux user can have no or very limited access to a MySQL database running within its’ own system.
To your questions:
You or may not be using a ‘lets call it an’ admin account on your free host; it depends what database permissions are given to this user:
This user could be granted full admin rights, which would be a bad idea to use this database users in your connection information.
A MySql can be granted user permissions, database permissions, and host permissions. A user that has:
User Permissions:
[LIST]
Access from ‘Any’ Hosts (any location remote or local)
Permission: Select table data, Insert table data, Update table data, Delete table data, Create tables, Drop tables, Reload grants, Shutdown database, Manage Processes, File operations, Grant privileges, reference operations, Manage indexes, Alter talbes, Show databases, Superuser, Create temp tables, Lock tables, Execute, Slave replications, Client replication, Create View, Show View, Create Routing, Alter Routine, and Create User
Database Permissions: Can access ‘Any’ database from ‘Any’ hosts with ‘All’ permissions
Hosts: Can Access ‘Any’ databases from specific hosts (say 172.16.0.172 or myfavouritedeveloper.com) with ‘All’ permissions
[/LIST]
A user with all these permission would have ‘Super User’ abilities. This is why I said that your 'b2_12345’user may be set with some or all these permissions. You will likely have some control of some of these permissions in your CPanel; although hosts differ in what control they give to you.
Answered above.
Knowledgable hackers can do a number of security driven ‘vector’ attacks on your php application that can expose your database connection info. If your user has full rights then they can reek all sort of havoc with your database; they could hack your database, or maybe run another MySQL spam database from your account.
There is no ‘generic’ user in MySQL. The rest of this is answered in Q2
Understand what rights a user needs with your applications and run a user with just the permissions required to run your application. For example, if your application only requires the ability to Select, Insert, and Update then you create a database user with only these rights and use it in your connections string. The other important part to your security is understanding how your host secures MySQL, you might want to ask them what security measures they use. You could research what they told you to ensure they are following best practices and appropriate security measures.