Would it be acceptable to make a looser permit for host access? e.g. allow XXX.YYY.ZZZ.* to connect (i assume the client IP is changing w/in some given range) .. you still have the protection on top of that of a username/password to provide access to the db, right?

quick idea off the top of my head -- you could install http://www.phpmyadmin.net or http://www.phpmyedit.org and then hit them with WWW::Mechanize to submit changes .. essentially the same model you just proposed but a lot more powerful and you don't have to deal with the lower db stuff..

Another way would be to use http://www.dyndns.com (or similiar) service to give the client a static hostname (even though the IP is dynamic) .. then you can either restrict mysql host access by name (not sure offhand if it works that way or requires IP; if requires IP then you can setup a cronjob on the server to check for IP changes for that hostname and update the mysql host access setting)

Update: i'll second jhourcle's SSH tunnel suggestion as another possibility (i've actually done that several times to connect to a remote db--shoulda mentioned it myself)