Jump to content

Archived

This topic is now archived and is closed to further replies.

khefner

password/user for mysql

Recommended Posts

I am trying to get a php script to access a mysql database for a website I administer. Mysql is installed and working on the website server. I also have access to PHPMyAdmin application. Here is what I get when I connect to my php file using a web browser:

 

Connected to MySQL

MySQL server version: 3.23.58

MySQL host info: Localhost via UNIX socket

Error creating database: Access denied for user: 'wjw-admin@localhost' to database 'my_db'

 

 

Here is the code from my php file

<html>

 

<body>

 

<?php

 

$db = mysql_connect('localhost', 'user', 'password')

 

or die("Unable to connect to MySQL");

print "Connected to MySQL<br>";

 

printf("MySQL server version: %s\n", mysql_get_server_info());

 

printf("MySQL host info: %s\n", mysql_get_host_info());

 

 

$sql = 'CREATE DATABASE my_db';

if (mysql_query($sql, $db)) {

echo "Database my_db created successfully\n";

} else {

echo 'Error creating database: ' . mysql_error() . "\n";

}

 

?>

 

</body>

 

</html>

 

I edited my code posted here for the user and password. That is really my first question; I am not really sure what to use for my user and password. I have a admin account for MySQL (I can change this on my admin control panel) but I dont think thats the password to use. (Thats what I use when I get the error above) I thought the password could be set with PHPMyAdmin but I could not find how to do that in the documentation. So basically I have a feeling my problem is that I am not using the right user/password, but I dont know how to look them up or create them. Thanks,

Hef

 

Share this post


Link to post
Share on other sites

Adding new users is not done via PHPMyAdmin -- it's usually available from a "MySQL Databases" (or something similar) in your webhost's control panel (cPanel, Plesk, etc.). BTW, it's possible that even with a valid user/pass, you can still get this error -- see the relevant [a href=\"http://dev.mysql.com/doc/mysql/en/Access_denied.html\" target=\"_blank\"]refman page[/a] for more info.

 

Hope that helps.

Share this post


Link to post
Share on other sites

[!--quoteo(post=330313:date=Dec 25 2005, 08:53 AM:name=fenway)--][div class=\'quotetop\']QUOTE(fenway @ Dec 25 2005, 08:53 AM) 330313[/snapback][/div][div class=\'quotemain\'][!--quotec--]

Adding new users is not done via PHPMyAdmin -- it's usually available from a "MySQL Databases" (or something similar) in your webhost's control panel (cPanel, Plesk, etc.). BTW, it's possible that even with a valid user/pass, you can still get this error -- see the relevant [a href=\"http://dev.mysql.com/doc/mysql/en/Access_denied.html\" target=\"_blank\"]refman page[/a] for more info.

 

Hope that helps.

 

 

Yes thanks Fenway, I was able to retrieve data from the database so I know my log in must be working.

A question regarding security using a "log in screen".

 

Right now I have the user and password part of the php script. So how is that secure? When the page opens, the connection is made. Thanks,

Kevin

Share this post


Link to post
Share on other sites

I assume you mean a user login page -- that is used to authenticate _application_ users, not database users (although there could be some overlap). Obviously, to check their credentials, you'll need to read their DB record, so you'll have to have made a connection already. The user/pass to your DB is only as safe as your FTP access / control panel access.

Share this post


Link to post
Share on other sites

Thanks, I have the security figured out I think. Using my admin control panel, I password protected the directory that has the php files in it.

 

Share this post


Link to post
Share on other sites

[!--quoteo(post=330573:date=Dec 27 2005, 12:24 AM:name=fenway)--][div class=\'quotetop\']QUOTE(fenway @ Dec 27 2005, 12:24 AM) 330573[/snapback][/div][div class=\'quotemain\'][!--quotec--]

I assume you mean a user login page -- that is used to authenticate _application_ users, not database users (although there could be some overlap). Obviously, to check their credentials, you'll need to read their DB record, so you'll have to have made a connection already. The user/pass to your DB is only as safe as your FTP access / control panel access.

 

Well I am still a little unclear about the user set up for mysql.

Right now, I am able to connect, insert, and retrieve data from the mysql database using PHP.

I am using my admin mysql login and password to connect to the database and gain full privelegdes.

I know this is not a desirable situation for security reasons etc, so my question is, how do I create DB users (for a specific database) with specific privelegdes? Anotherwords I may only want them to be able to perform certain commands. (insert etc) Can I do this using PHPADMIN utility?

The version of mysql is 3.23.58

Thanks,

Hef

Share this post


Link to post
Share on other sites

This can be acheived with MySQL GRANT statements; I believe that PHPMyAdmin has a "privileges" page as well with a GUI to these options too.

Share this post


Link to post
Share on other sites

[!--quoteo(post=332484:date=Jan 2 2006, 12:00 PM:name=Hef)--][div class=\'quotetop\']QUOTE(Hef @ Jan 2 2006, 12:00 PM) 332484[/snapback][/div][div class=\'quotemain\'][!--quotec--]

Well I am still a little unclear about the user set up for mysql.

Right now, I am able to connect, insert, and retrieve data from the mysql database using PHP.

I am using my admin mysql login and password to connect to the database and gain full privelegdes.

I know this is not a desirable situation for security reasons etc, so my question is, how do I create DB users (for a specific database) with specific privelegdes? Anotherwords I may only want them to be able to perform certain commands. (insert etc) Can I do this using PHPADMIN utility?

The version of mysql is 3.23.58

Thanks,

Hef

 

Well I will have to look into doing it with grant statements. I dont think my version of phpmyadmin (phpMyAdmin 2.6.0-pl3 ) has the "priviligdes feature". (Although I agree with you it exists!)

I have looked all over the application and I find nothing regarding privilegdes and users.

Thanks,

Hef

Share this post


Link to post
Share on other sites

Guess so... MySQL 5 has an CREATEUSER() command, I think. Just remember that even to _create_ a new database you need to correct GRANT privilege (e.g. CREATE) before you can "create" it!

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.