Don't run the MySQL daemon as the Unix root user.
Invest in a firewall
Check whether unnecessary hosts can access the database, using the command "shell> telnet server_host 3306".
Password protect your database account
shell> mysql -u root mysql
mysql> UPDATE user SET Password=PASSWORD('new_password') WHERE user='root';
mysql> FLUSH PRIVILEGES;
or:
shell> mysqladmin -u root password new_password
DON'T EVER GIVE ANYONE (EXCEPT THE MySQL ROOT USER) ACCESS TO THE user TABLE IN THE mysql DATABASE!
The GRANT and REVOKE commands are used for controlling access to MySQL. Do not grant any more privileges than necessary.
shell> mysql --user=root mysql
mysql> GRANT ALL PRIVILEGES ON *.* TO user1@localhost IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
mysql> GRANT ALL PRIVILEGES ON *.* TO user1@"%" IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
Do not keep any plain-text passwords in your database.
Instead, use MD5() or another one-way hash function.
Do not trust any data entered by your users.
A hacker can enter something like "; DROP DATABASE mysql;" to destroy your database.
Check user input data.
PHP: use the addslashes() function to quote user input.
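The point of the last three items, shown as an added example that is not part of the original page: the vulnerable pattern pastes user input straight into the SQL text, while the hardened form lets the driver bind the value so it can never become SQL syntax. An in-memory SQLite table stands in for the MySQL users table (an assumption for running offline); with a MySQL driver the placeholder would be %s instead of ?.

```python
import sqlite3


def make_db():
    """Constructed sample table standing in for a MySQL users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret")],
    )
    return conn


def lookup_unsafe(conn, name):
    """Vulnerable: the untrusted string becomes part of the query itself,
    so quote characters in it change the meaning of the WHERE clause."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_safe(conn, name):
    """Hardened: the value is bound as a parameter; the database receives
    it as data, never as SQL, whatever characters it contains."""
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))


if __name__ == "__main__":
    db = make_db()
    # Constructed input that is a name nobody has but closes the quote.
    tainted = "x' OR '1'='1"
    print("unsafe:", lookup_unsafe(db, tainted))  # every row leaks
    print("safe:  ", lookup_safe(db, tainted))    # no such name: []
```

Checking input with addslashes() narrows the problem; binding parameters removes it, which is why it is the first fix a reviewer would ask for.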
Copyright © 2006 WorldHello Open Document Source (开放文档之源) Project