SEO

I would like to create some simple stored procedures to allow users to
execute some fairly simple tasks with a minimum amount of privileges
granted. (e.g. EXECUTE privileges only, if possible)

Most of them are just boilerplate select statements with a few free
variables
(e.g. "SELECT T2.* from table1 T1 join table2 T2 on T1.id = T2.id
where T1.key = ___" where the ___ gets filled in differently each
time)

It looks like stored procedures are the way to go, since I can create
them as a user with the appropriate privileges, and then the procedure
inherits those privileges and acts as a mediator to allow the users
only the data they need.

I ran some simple tests & was able to:
* create a temporary table
* insert single rows into the temporary table
* return result sets from the temporary table
* return result sets from another table
all with just calling stored procedures with only EXECUTE privileges
for my test user.

This does 99% of what I need. My only dilemma seems to be how to push
data the other direction, e.g. insert a bunch of data from the user
into a temporary table. (so a stored procedure can then validate it &
incorporate valid data into the real tables)

My questions are these:

1) Is there a way that I can do the equivalent to "INSERT into table1
(blah) values (blah),(blah),(blah)..." without allowing arbitrary
insert privileges, or only allowing the user to insert into a
particular temporary table without allowing them to insert into any
other tables?

2) is there a good series of reference articles for designing stored
procedures for secure access to MySQL databases? I don't need much
complexity & if this works, it saves me the trouble of having to write
any software on the server end (other than the stored procedures).

(p.s. I am using Micro$oft ADO to access my database via MySQL ODBC
connector, so either raw SQL and/or ADO-isms would suffice