Jump to content

Archived

This topic is now archived and is closed to further replies.

rupertthebear

security issues LOAD DATA INFILE

Recommended Posts

I am a wamp newbie hoping to be able to build some inter-related mysql tables using LOAD DATA INFILE statements that refer to text files built and temporarily saved by PHP code on a web server. All works fine on my wamp - but the files are not picked up by the LOAD DATA INFILE statements in a similar experiment on my web domain.

I assume I cannot access the MySQL folders (to save my text files there) and I am told I need File permissions to my public_html folder (in order to save the text files there so that the LOAD DATA INFILE statement can pick it up).

And File permissions on the public_html folder has serious security implications. What are these implications - can my PHP script be read to see the MySQL username and password in a mysql_connect() statement? Can nasty files be saved by others on my public_html folder?

Hope this is the right forum to ask about this.

Share this post


Link to post
Share on other sites
The security risk does have to do with the files being in the mysql data directory itself. However, if you use LOAD DATA LOCAL INFILE, you can put the file wherever you want, and there's no issue.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.