if you are looking at it from a security angle - although nothing is perfect - i generally only write stored procedures, the 'web user' is given EXECUTE permission only.
i then call the stored procedures from the php script, additionally i only use php prepared statements with parameters. any input from the webinterface be it from a form or from the url itself is cleaned rigorously and as precisely as possible, eg. if i expect a string as a parameter value that can only be a-z and with a maximum length of 24 characters, then it is tested for this before being used, the stored procedure would also be set up to accept a VACHAR of maximum length 24 and so on.
at first this takes a little longer but after a while it is a time saver, especially if you call the same stored procedure in multiple places in your website, as you can tinker with it to optimise it without having to change your php scripts at all.
additionally stored procedures are saved in the server cache the first time they are used (since MySQL restarted) and thus actually are faster on subsequent uses too (actually the server cache is whatever size it is set to, and when full, memory space used the longest time ago is reused if required, so if the stored procedure isn't called very often it could get uncached)
the other advantage of stored procedures is that with one procedure you can do many database queries all with one call from php, which otherwise might have required multiple requests to the MySQL server from your php script - thus making your pages a LOT quicker.
if you don't want to go as hardcore as this, then what robzilla said is gold
You only have to assign the privileges you explicitly use
if your web application only uses SELECT statements in the frontend, only allow the 'web user' SELECT permissions, also be aware you can set permissions on a table by table basis, only allow permissions for the table sthat the 'web user' actually uses.
*** IMO even a basic website should have at least 2 MySQL users, what i call the 'web user' which is basically the user that builds the front end web pages and the 'admin user' which does admin area stuff - which only the webmaster would do. give both of these users only the permissions each needs to do its' tasks (it makes sense to have a third user, with greater permissions that maybe you use to connect to phpMyAdmin or Workbench or whatever you use to admin your DB)