php/mysql security question

My dynamic site uses php scripts that connect to a mysql database with a DB user that has select access only. The admin scripts have write access but are in a htprotected directory.

Now I want to track stats and increment a counter in a table when links are clicked. This means a user accessable script needs update access to a table in the database. I look at this as a big security risk. Is it? Is there any easy way for a hacker to look at the raw php code? Should I approach this another way?

Thanks.

 

 

 

 

Top