[PHP] Whats wrong with this query?
$addamysqluser = mysql_query(grant select,insert,drop,update,delete,create,index,alter on $_POST[f2] to [EMAIL PROTECTED] IDENTIFIED by $_POST[f3]); What is wrong with the above php based mysql_query ? I am trying to add a user to mysql granting just the specified rights to table defined by the $_POST[f2] which is both the table and username and the password is defined by $_POST[f3]. This has been baffleing me for a couple of days now and any help given is very much appreciated. Thank you in advance. Yours Dave C --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.535 / Virus Database: 330 - Release Date: 01/11/2003 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Whats wrong with this query?
Hi Dave, I could be wrong cause i am answering without running your code : 1) your mysql user account probably does not have grant privileges. good thing too. It's very dangerous to just run a grant query like this because it can so easily be abused by a malicious user. (of course you might have security measures in place which are not obvious to us because you have not posted that part of the code). 2) your variables should in the strictest sense be $_POST['f2'] etc. all the best Dave Carrera wrote: $addamysqluser = mysql_query(grant select,insert,drop,update,delete,create,index,alter on $_POST[f2] to [EMAIL PROTECTED] IDENTIFIED by $_POST[f3]); What is wrong with the above php based mysql_query ? I am trying to add a user to mysql granting just the specified rights to table defined by the $_POST[f2] which is both the table and username and the password is defined by $_POST[f3]. This has been baffleing me for a couple of days now and any help given is very much appreciated. Thank you in advance. Yours Dave C -- Raditha Dissanayake. http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader Graphical User Inteface. Just 150 KB | with progress bar. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Whats wrong with this query?
Dave Carrera mailto:[EMAIL PROTECTED]
on Monday, November 10, 2003 8:45 AM said:
$addamysqluser = mysql_query(grant
select,insert,drop,update,delete,create,index,alter on $_POST[f2] to
[EMAIL PROTECTED] IDENTIFIED by $_POST[f3]);
What is wrong with the above php based mysql_query ?
1. What error are you getting? (This information should always be
included in a why isn't this working? post.)
2. How do you know it's not working?
3. Assign your sql statement to a variable and then pass that variable
to the mysql_query() function. Then echo the variable used to store the
query and see if everything looks right to you.
4. Have you tried putting single quotes around the $_POST indexes? i.e.
$_POST['f2']
5. (I believe) You need to put { and } around your $_POST variables.
i.e. {$_POST['f2']}
HTH,
Chris.
--
Don't like reformatting your Outlook replies? Now there's relief!
http://home.in.tum.de/~jain/software/outlook-quotefix/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Whats wrong with this query?
--- Dave Carrera [EMAIL PROTECTED] wrote: $addamysqluser = mysql_query(grant select,insert,drop,update,delete,create,index,alter on $_POST[f2] to [EMAIL PROTECTED] IDENTIFIED by $_POST[f3]); What is wrong with the above php based mysql_query? I'm not sure about the query itself, but it seems to me your problem is more about using strings with PHP. $foo = grant select,insert,drop,update,delete,create,index,alter on $_POST[f2] to [EMAIL PROTECTED] IDENTIFIED by $_POST[f3]; echo $foo; Try that, and I think the output will show you the problem. The solution is to use curly braces around $_POST['f2'], in addition to properly quoting the key as I just did. In order to more easily identify problems like this, you can: 1. Store the query in a variable, and use that variable in mysql_query(). This will allow you to echo it to the screen or something during debugging, so that you can identify anything obvious, such as this. 2. Output mysql_error() if mysql_query() does not return true. This will show you what MySQL thinks the error is, which is very helpful. Hope that helps. Chris = My Blog http://shiflett.org/ HTTP Developer's Handbook http://httphandbook.org/ RAMP Training Courses http://www.nyphp.org/ramp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Whats wrong with this query?
-Original Message- From: Dave Carrera [mailto:[EMAIL PROTECTED] Sent: maandag 10 november 2003 17:45 To: [EMAIL PROTECTED] Subject: [PHP] Whats wrong with this query? $addamysqluser = mysql_query(grant select,insert,drop,update,delete,create,index,alter on $_POST[f2] to [EMAIL PROTECTED] IDENTIFIED by $_POST[f3]); What is wrong with the above php based mysql_query ? The value you use for the IDENTIFIED BY clause (which is, of course, the password) should be quoted in mysql because it is a value. Both table and username are sortoff 'objects'. Try this: $Query = 'GRANT select, insert, drop, update, delete, create, index, alter ON '.$_POST['f2'].' TO '.$_POST['f2'].' IDENTIFIED BY '.mysql_escape_string($_POST['f3']).''; mysql_query($Query); if (mysql_error()) print mysql_error(); What I also just noted was that you use $_POST[f2] twice, if you are not also creating a table with the same name as the user this is probably not what you meant. It might just, but it looks odd to me. Wouter -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
