Results 1 to 11 of 11
  1. #1

    quick PHP and mysql ?

    I am teaching myself mysql and php and have been looking at some php code that a freind did for a website. He has a mysql username to access the mysql database so that it can be displayed for the average user to see the results. The account name is "webuser" is this a built in account or one created specially for viewing the results without being able to change data?

    Another question I had about mysql is the auto_increment type, if you have 5 entries all using this vaule(1 2 3 4 5) then if you delete the 3rd entrie, does the 4th and 5th become the 3rd and 4th or do they keep their value?

    Thanks
    LipWeb.Net
    "Less Lip More Service"
    Providing Quality Hosting at Fair Prices
    AIM: LipWebNet MSN: daniel[at]lipweb.net [color=red]

  2. #2
    Perhaps it's because I'm dead tired -- but I didn't even grasp what you're trying to ask in the first part of your question.

    Are you saying no password is required to login and see the data? (via SSH, Telnet or something?)
    Or are you saying when you actually put the --

    $db = mysql_connect("localhost,"username", ... yadda yadda); ... bit?

    For the second part, no -- it will not re-number itself when you delete a record.

  3. #3
    for the first question let me try and make it more clear.

    He declares them as variable, the username as $user and the password for that name as $password(these are not his actually variable names but thats beside the point). Then uses these to access the database in the php script. This allows him to run the quierys so that the page can be displayed. I was wondering since he was using the account "webuser" if its a built in feature on mysql, or one hosting caompanys commonly use for this purpose? The main reason why I ask is cause this username is not listed in phpmyadmin of the site. Thanks Bulldog, for the answer of the second question.
    LipWeb.Net
    "Less Lip More Service"
    Providing Quality Hosting at Fair Prices
    AIM: LipWebNet MSN: daniel[at]lipweb.net [color=red]

  4. #4
    I've never seen "webuser" as a default username ... maybe it's their version of root for his account or something.

  5. #5
    Okay, now another question. If I use the root account to setup the connection to the mysql database in the php script is there any danger of security in that, as in some one accessing my mysql database?
    LipWeb.Net
    "Less Lip More Service"
    Providing Quality Hosting at Fair Prices
    AIM: LipWebNet MSN: daniel[at]lipweb.net [color=red]

  6. #6
    Join Date
    Aug 2002
    Location
    Long Island
    Posts
    427
    Never use the the root or default user account. Create one that has just enough rights to do what you are looking to do and only give that user rights to the database and tables that this user would need access too.

    The default privileges on Windows give all local users full privileges to all databases without specifying a password. To make MySQL more secure, you should set a password for all users and remove the row in the mysql.user table that has Host='localhost' and User=''.

    This should make things clearer, if not you can also check out the website.
    John Trovato
    In Office Networks, LLC
    Programmer, Cisco Network Engineer, Roofer, Biochemist, and Conductor.

  7. #7
    Join Date
    Aug 2002
    Location
    Long Island
    Posts
    427
    Note sure what platform you are using but it's the same for both windows and unix, i think.

    John
    John Trovato
    In Office Networks, LLC
    Programmer, Cisco Network Engineer, Roofer, Biochemist, and Conductor.

  8. #8
    Could some one give me a link to the information pretaining to setting up lower than root access for mysql databases? I am learning right now how to do php and mysql dynamic sites, and was as mentioned earlier looking at a friends code.

    ***Edit*** Thanks!
    LipWeb.Net
    "Less Lip More Service"
    Providing Quality Hosting at Fair Prices
    AIM: LipWebNet MSN: daniel[at]lipweb.net [color=red]

  9. #9
    Join Date
    Aug 2002
    Location
    Long Island
    Posts
    427
    Lippy,

    the best way is to go the MySQL site and check it out for yourself. that's how I found out all about user rights, installation, etc. There are a few different links

    www.mysql.com

    john
    John Trovato
    In Office Networks, LLC
    Programmer, Cisco Network Engineer, Roofer, Biochemist, and Conductor.

  10. #10
    Join Date
    Oct 2002
    Location
    Canada
    Posts
    3,100
    There is a 'user' table in 'mysql' database. When you list it (select * from user) , no rows should have empty 'password' , and unless you allow connections from remote hosts, each row should have 'localhost' in the host field.

    It is good thing to create new user for each new preject / database and grant it premissions on that database only.

  11. #11
    thanks sasha
    LipWeb.Net
    "Less Lip More Service"
    Providing Quality Hosting at Fair Prices
    AIM: LipWebNet MSN: daniel[at]lipweb.net [color=red]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •