recently i started making a pentest to a webserver using fedora, running squirremail,apache,php and mysql, i found an sql injection vulnerability, which i quick try to explore, i found that mysql was version 5.0.27 and it was running as root, therefore i was able to use load_file and outfile, i verify too that i have access to information_schema, after i grab all tables, i grab some interesting data, username and hashs, after this i tryed connect to webserver via web interface, ssh and mysql, for upload shell, all without sucess =(. i tryed outfile shell to public var of www but i obtain error because i dont have permissions, but i verify that i can outfile to /tmp and load_file with sucess, but this is useless since load_file return a string and i cant access shell on /tmp dir via include vulnerabilities. so i get tired and start think in other ways of obtain local access to that machine, i load_file httpd.conf for obtain vhost list to look for login pages data of forums or blogs to later upload shell. i get some interesting data but unfortunately some files dont have permissions, like some pages of vhosts and .htaccess files.
this is part of what i got
so, about the mysql, my questions are:

1)i can load_file /etc/passwd and some *.php files but unfornately im unable to load_file some files like .htaccess and *php of some vhosts, this happen because its related to that file permissions or file_priv?

2)since i cannot read all content of a file, does load_file have limit of size when load files? how can i bypass this?

3)its possible using outfile when magic_quotes are on? because i tryed this on other machines using char, hex encoding and none of this worked, there is any solution for this?

4)for got the tables i use
select null,table_name,null from information_schema.tables, what should i use to get the columns?

5)its possible updating the content of a field, for later when page displayed execute php code?

help will be appreciated, regards.