1.

Managing users, passwords and privileges (grants) is all done in SQL. In fact all phpmyadmin does is add a pretty interface on top of the SQL itself. But SQL is pretty easy to learn and all documentation you might need is online.

An example

Create a database "trainingdb",
Create a user training with password letmein (a very bad password to use in real life)
And give that user all rights on the above database (too much, but it means the user has no rights on other databases - You can be much more granular)

[pre]
CREATE DATABASE trainingdb DEFAULT CHARACTER SET = `utf8`;
GRANT ALL ON trainingdb.* TO 'training'@'localhost' IDENTIFIED BY 'letmein';
[/pre]

You can also create a user and grant privileges in separate commands, manage passwords etc. The above is the quick way to do it all in a couple of SQL statement.

Ref:
[dev.mysql.com...]
[dev.mysql.com...]
[dev.mysql.com...]

2.

I'm not entirely sure what you mean by "Secondly, if a website does not offer PHP Admin".

IMHO phpmyadmin should not be on production systems.
The question more to the point is however; does your server have (on the same or on a different machine) mysql available for your use ? If so and I'll assume that you 're not going to be managing that mysql: aks those who manage it for the details.

Once you have created a table on your test/home machine, use

SHOW CREATE TABLE tablename;

That shows you the CREATE TABLE command you can use on your production database to create the table (without content) without a gui to help you.

Running a webserver that has a backend database that's at home (I'll assume over a typical connection) doesn't sound like a success formula to me. Too much can go wrong.

IMHO phpmyadmin should not be on production systems.

It's loaded by default on virtually every website on the planet as most sites are on shared servers, most shared servers use control panels, and most control panels like cPanel and Plesk supply phpmyadmin.

I'm assuming the number of sites with phpmyadmin online probably easily range in the millions if not more.

Not that it makes it a good practice, just very prolific ;)

Shared servers: it's not the numbers that make it a good idea indeed.
If you're indeed limited to a very few bucks a month you get what the shared server provider gives you.

Even while it is true those managing the "lowest common denominator" type of service do include this,
I've also seen people adamant to install phpmyadmin on dedicated load balanced web farms for high profile services where production, test, development, etc are all well defined and well separated - and where the staffing includes proper DBAs who do not need such tools at all.

I guess I was unintentionally writing for a more high-end audience, sorry.

I guess I was unintentionally writing for a more high-end audience, sorry.

No need to apologize.

My point was if it were a serious point of vulnerability we'd probably hear about it all the time but we don't. However, on a high end site like you're discussing it makes sense to only have it installed on the development environment and not the run-time servers, I agree.