The only safe way to do this is via "semaphores." Have the PHP application write a file to a known location that includes the command you want to execute, say "stop" or "start". Then have a cron job running as root that checks for that file, carries out the command, and deletes the file when it is finished. You can tell cron to check for the file once per minute. That should be quickly enough if all you're doing is taking down the MySQL server.
If you need confirmation, have the cron script send you an email when it is finished.
Do not give the www-data any root privileges whatsoever unless this is a server that will never be exposed to the world outside your firewall.
Here's a simple example for the cron script assuming the file is called /tmp/mysql-controller and contains "start" or "stop".
To have the server send you mail, you need to have an SMTP server like Postfix installed and also the mailutils package that includes the "mail" command-line program. If you use "sudo apt-get install mailutils" it will install Postfix as a dependency if you do not already have it.
# quit if the file isn't there or has zero length
[ -s "$CHKFILE" ] && exit 0
# extract the command from the file and run it
service mysql $CMD >> /dev/null
rm -f $CHKFILE
# send an email notice to ADMIN
mail -s 'MySQL restarted' $ADMIN < /dev/null