Gossamer Forum
(Advanced Search)
for
Home : General : Databases and SQL :

phpuser, phppass

Jul 1, 2002, 11:59 AM
hennagaijin
User (425 posts)
Jul 1, 2002, 11:59 AM
Post #1 of 7
Views: 6397
Shortcut
Quote Reply
phpuser, phppass
Just getting started using PHP to connect to MySQL databases...

One thing I'm kind of unclear about is what is the significant of "phpuser" and "phppass"? Are these just standard examples used in manuals and such - like "foo" and "bar"? Or is there generally a user set up in MySQL called "phpuser" with certain limited privileges so that one can interface with a MySQL db through a browser using PHP without causing security problems? It would seem to be dangerous to configure a PHP script to connect with my "administrator" username and password, right?

Thanks in advance for any help or advice.
Fractured Atlas :: Liberate the Artist
Services: Healthcare, Fiscal Sponsorship, Marketing, Education, The Emerging Artists Fund
Jul 1, 2002, 2:08 PM
Andy
Veteran / Moderator (18441 posts)
Andy's avatar
Jul 1, 2002, 2:08 PM
Post #2 of 7
Views: 6315
Shortcut
Quote Reply
Re: [hennagaijin] phpuser, phppass In reply to
The way I always connect is;

Code:
// connect to mySQL and if not pass back an error
$connection = mysql_connect($sql_host, $sql_username, $sql_password); $error = mysql_error();
if (!$connection) { sql_error("Unable to connect with your login info for MySQL. Reason: $error", $connection); }
if ($debug) { echo "Host connection established....<BR>"; } //a little something for debugging

// now we need to connect the database
$db = mysql_select_db($sql_database, $connection); $error = mysql_error();
if (!$db) { sql_error("Unable to connect to database. Reason: $sql_username $sql_database $error", $connection); }
if ($debug) { echo "Database connection established....<BR>"; } // a little debugging info if needed...


// run the query to update the 'sales' column...
$query = "SELECT * FROM Users WHERE Username = '$Username'";
$result = mysql_query($query); if (!$result) { $error = mysql_error(); sql_error("Unable to login...Reason: $error", $connection); }
mysql_query($query);

Obviously I then have another function called sql_error(), which contains;

Code:
// if we get a SQL error, put it here
function sql_error($error, $connection) {

$template = file("signup_error.html");

foreach ($template as $line) {

$line = ereg_replace("::ERROR::", "$error", $line);
echo $line;

}

mysql_close($connection); // exit the connection so we dont clog up MySQL
exit;

}

>>>It would seem to be dangerous to configure a PHP script to connect with my "administrator" username and password, right? <<<

Indeed. I always use a limited access user, and limit them to just that database. As for the variables I use....normally I hold these in an external file, something like sql.inc.php, then just print a basic thing on that page if anyone is clever enough to know that is where the variables are held, so it just prints something for them Tongue

Hope that helps.

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Jul 1, 2002, 2:14 PM
hennagaijin
User (425 posts)
Jul 1, 2002, 2:14 PM
Post #3 of 7
Views: 6215
Shortcut
Quote Reply
Re: [Andy] phpuser, phppass In reply to
Thanks, Andy.

I guess part of what made me think there might be a default user called "phpuser" was that when I tried to add a new user with that name (through my web host's control panel, not through a command line) I received an error message saying that user "phpuser" already exists. But the only user who has been "setup" by me to access my database is me...

I guess maybe I just need to try to connect as "phpuser" and see what happens.

Anyway, thanks for your help.
Fractured Atlas :: Liberate the Artist
Services: Healthcare, Fiscal Sponsorship, Marketing, Education, The Emerging Artists Fund
Jul 3, 2002, 5:24 AM
hennagaijin
User (425 posts)
Jul 3, 2002, 5:24 AM
Post #4 of 7
Views: 6272
Shortcut
Quote Reply
Re: [Andy] phpuser, phppass In reply to
Okay, I'm starting to get a handle on this. When you refer to a limited access user, what kind of permissions are we talking about? Maybe Select, Insert, Update, and Delete, but NOT Create, Drop, Index, or Alter? Would that make sense?

I would think when using something like MySQLMan, I would have to use the full administrative user (not root, since I'm on a shared host, but my personal login) right?

Thanks for your help.
Fractured Atlas :: Liberate the Artist
Services: Healthcare, Fiscal Sponsorship, Marketing, Education, The Emerging Artists Fund
Jul 3, 2002, 7:12 AM
Stealth
Veteran (17240 posts)
Stealth's avatar
Jul 3, 2002, 7:12 AM
Post #5 of 7
Views: 6269
Shortcut
Quote Reply
Re: [hennagaijin] phpuser, phppass In reply to
Table perms have to be set at the MySQL administrator level, which since you are on a virtual host, you cannot configure.

In terms of the MySQLMan, it does not really give you true "adminstrator" perms...all it does is allows you to do certain tasks specified by your server administrator.
========================================
Buh Bye!

Cheers,
Me
Jul 3, 2002, 7:20 AM
hennagaijin
User (425 posts)
Jul 3, 2002, 7:20 AM
Post #6 of 7
Views: 6283
Shortcut
Quote Reply
Re: [Stealth] phpuser, phppass In reply to
Thanks for the reply.

Actually, my host, Dreamhost, does permit some control over MySQL user permissions via their control panel. I can set up new users and give them any or all of the following permission levels (on my databases only, of course):

Select, Insert, Update, Delete, Create, Drop, Index, Alter

With that in mind, does my suggested breakdown make sense? Would a script running from a browser that only needed to interact with a database I already had set up need anything other than Select, Insert, Update, and Delete?
Fractured Atlas :: Liberate the Artist
Services: Healthcare, Fiscal Sponsorship, Marketing, Education, The Emerging Artists Fund
Jul 3, 2002, 7:24 AM
Stealth
Veteran (17240 posts)
Stealth's avatar
Jul 3, 2002, 7:24 AM
Post #7 of 7
Views: 6208
Shortcut
Quote Reply
Re: [hennagaijin] phpuser, phppass In reply to
Welp, MySQLMan doesn't allow you to do that.

And yes, whatever script you use, the perms will reside at the MySQL server level, thus, within your scripts, you do not need to add another level of permission settings since you do that through your "control panel".
========================================
Buh Bye!

Cheers,
Me