> -----Original Message-----
> From: Dave Carrera [mailto:[EMAIL PROTECTED]
> Sent: maandag 10 november 2003 17:45
> To: [EMAIL PROTECTED]
> Subject: [PHP] Whats wrong with this query?
>
> $addamysqluser = mysql_query("grant
> select,insert,drop,update,delete,create,index,alter on $_POST[f2] to
> [EMAIL PROTECTED] IDENTIFIED by $_POST[f3]");
>
> What is wrong with the above php based mysql_query ?
>
The value you use for the IDENTIFIED BY clause (which is, of course, the
password) should be quoted in mysql because it is a value. Both table and
username are sortoff 'objects'. Try this:
--------
$Query = 'GRANT select, insert, drop, update, delete, create, index, alter
ON '.$_POST['f2'].'
TO '.$_POST['f2'].' IDENTIFIED BY
"'.mysql_escape_string($_POST['f3']).'"';
mysql_query($Query);
if (mysql_error()) print mysql_error();
--------
What I also just noted was that you use $_POST[f2] twice, if you are not
also creating a table with the same name as the user this is probably not
what you meant. It might just, but it looks odd to me.
Wouter
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
