I have designed a database cinema booking app. I expect to get quite a few visitors. In the connection to the database, I user a standard user/password combination.

How can I ensure that this username/password combo has no privileges for example modifying/updating/deleting the db? Can I do this in phpMyadmin?

And I also keep reading about placing your connection files in the top layer or something, in the event that the site goes down.

What does this mean? And how do I do it?

Thanks for the help...