Re: [PHP] MySQL Connection in Session ?
In most systems, database connections are pooled, meaning that when you give them up, they are not completely closed but the sql client software keeps them in a pool available for the next script asking for a similar connection, thus saving on the time to establish a connection.It is the connection between your script and the sql client that gets cut, the database does not know your script is gone, since the sql client doesn't tell it. For the pooling to work, it is necesary that all the connections requested have the same parameters, including user name and password. If you change username for each page, then the client software has to actually establish a connection for that user to retrieve the proper permisions. Of course, that connection would also be sent to the pool once the page is processed, but then the pool would soon fill up with many connections, one per username, each seldom used and in a really busy server, the connection would be dropped out of the pool before it gets a chance to be reused. Storing those many connection in session variables only moves the problem from having the sql client manage a large pool of little used connections to have PHP sessions do the same thing, far more inneficiently. The best thing is to make sure all connections you use are opened with exactly the same parameters, use just one connection for all the script (unless, of course, you actually have to connect to different databases) and let it go as fast as you can to give the next in line a chance to reuse it from the pool. Satyam - Original Message - From: PHP Mailing List [EMAIL PROTECTED] To: php-general@lists.php.net Sent: Monday, June 11, 2007 6:53 PM Subject: [PHP] MySQL Connection in Session ? Can I maintain just one mysql connection resource to all my pages per user session. As far as I knows create connection is more expensive than executing queries ? Any reference how to make efficient for connection resources ? Thanks, Dino -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.472 / Virus Database: 269.8.13/843 - Release Date: 10/06/2007 13:39 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySQL Connection in Session ?
PHP Mailing List wrote: Can I maintain just one mysql connection resource to all my pages per user session. As far as I knows create connection is more expensive than executing queries ? No, you can't store resources (of which mysql connections are one example) in sessions. Any reference how to make efficient for connection resources ? Making a connection to a MySQL database is a fairly expensive thing to do, but using persistant connections can make it a whole lot less problematic, but you may run into issues if you ever have multiple PHP boxes connecting to the same DB server depending on how your architecture works. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] MySql connection error on win XP for script that works on Freebsd 5.3
[snip] I have searched the mysql website and located an article which shows reference to this error indicating that the client may need to be upgraded but as I am using the mysql-5.0.13-rc-win32.zip package I am cautious about assuming that that is the actual cause. [/snip] http://us3.php.net/mysqli The mysqli extension allows you to access the functionality provided by MySQL 4.1 and above. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySql connection error on win XP for script that works on Freebsd 5.3
On Wednesday 26 October 2005 08:35, the author Jay Blanchard contributed to the dialogue on- RE: [PHP] MySql connection error on win XP for script that works on Freebsd 5.3: [snip] I have searched the mysql website and located an article which shows reference to this error indicating that the client may need to be upgraded but as I am using the mysql-5.0.13-rc-win32.zip package I am cautious about assuming that that is the actual cause. [/snip] http://us3.php.net/mysqli The mysqli extension allows you to access the functionality provided by MySQL 4.1 and above. Thanks for that -- I have decided to upgrade to 5.0.5 - I did see that file before posting but I think I must have got the wrong impression on first read thanks again david -- 40 yrs navigating and computing in blue waters. English Owner Captain of British Registered 60' bluewater Ketch S/V Taurus. Currently in San Diego, CA. Sailing bound for Europe via Panama Canal after completing engineroom refit. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySQL Connection
I think you've just answered your own question here: I get a Can't Connect to MySQL Server error. I am not sure if it is localhost, since my webserver is on a different machine with a different name. The MySQL installation is on a different machine, separate from the web server with its own machine name. Your mysql_connect call should be to the ip address or hostname of the machine running mysqld. Make sure that mysql is configured to allow user test to connect from the machine you're connecting from. Also, make sure that mysql is configured to accept network connections. Finally, make sure that any firewalls you have between the machines allow tcp/ip traffic on port 3306. Ian On Thu, 2004-03-04 at 22:38, [EMAIL PROTECTED] wrote: Hi There, I'm trying to establish a first time connection to MySQL running on Win 2000. I have loaded the application and have entered a user name and password. The code that I am entering to establish a connection is: ?php $conn=mysql_connect(localhost, test, test); Echo $conn; ? I get a Can't Connect to MySQL Server error. I am not sure if it is localhost, since my webserver is on a different machine with a different name. The MySQL installation is on a different machine, separate from the web server with its own machine name. I looked at the my.ini file and the username and password paramaters match. Also, the MySQL admin is showing the host info as localhost via TCP/IP. The version is 1.4 The Start Check is showing a yes for an ini file, Ok for MySQL server path key, datadir, and basedir. Any assistance from you would be greatly appreciated. Thanks, Shawn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySQL Connection Help
Robb Kerr wrote: Ok, I feel like a complete bonehead because I can't seem to figure this thing out. But, I readily welcome someone making me feel worse by pointing out my simple mistake. I can't get DW to connect to a MySQL database on a new server with which I'm working. I've worked with other servers and haven't had a problem. I'm providing all of the connection and password information so that you can help me - don't worry, I'll change all these once I've solved the problem. BTW, I've also posted this in the Dreamweaver newsgroups but they're not as helpful as this one, so please excuse the fact that this is a ways off-topic. [ snipped out passwords and login information ] myPhpAdmin provides the following connection script which works... ?php $dbh=mysql_connect (localhost, quinn_tempdbuser, password) or die ('I cannot connect to the database because: ' . mysql_error()); mysql_select_db (quinn_tempdb); ? I have built a page which works fine when uploaded to the server... http://quinnserver.com/dbcheck.php Here's my question... What do I enter in DW's Testing Server and MySQL Connection dialogues to be able to use the database and table during the development phase without having to upload the pages to the server? You need to setup your mysql server so that it accepts non-local connections (by default mysql only listens on localhost). Generally this can be done from your control panel application. Also, it is never a good idea to give out your passwords in a public forum like this. If you can't find the option in your control panel (I know cpanel has it as a last option under the mysql section), you can ask your host to add an alias for mysql. -- Burhan Khalid phplist[at]meidomus[dot]com http://www.meidomus.com --- Documentation is like sex: when it is good, it is very, very good; and when it is bad, it is better than nothing. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySQL Connection
Hello, Thanks it works now Regards Moses Hello, This seems not to be working, I am using win2000 and a newbie. please simplify this process. ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql GRANT ALL PRIVILEGES ON *.* TO [EMAIL PROTECTED] - IDENTIFIED BY 'cludiana' WITH GRANT OPTION; ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql Regards moses -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySQL Connection
On Tue, 2003-06-17 at 17:13, [EMAIL PROTECTED] wrote: Hello, Would be grateful if someone couldkindly point me in the right direction. Check the MySQL documentation. You also might want to ask on the MySQL mailing list. http://www.mysql.com/doc/en/Default_privileges.html http://www.mysql.com/doc/en/Access_denied.html It appears, however, that mysqld is not recognizing the authority of whoever you're connected as to modify the grant tables. Try connecting as the admin user. Good luck, Torben Whenever I try to connect to mysql server, I get these messsage back 1. mysql GRANT ALL PRIVILEGES ON *.* TO moses@% IDENTIFIED BY cludiana; ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql 2. mysql GRANT ALL PRIVILEGES ON *.* TO moses@% IDENTIFIED BY cludiana; ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql what could be wrong. Help please . Regards Moses -- Torben Wilson [EMAIL PROTECTED]+1.604.709.0506 http://www.thebuttlesschaps.com http://www.inflatableeye.com http://www.hybrid17.com http://www.themainonmain.com - Boycott Starbucks! http://www.haidabuckscafe.com - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySQL Connection
Hello, This seems not to be working, I am using win2000 and a newbie. please simplify this process. ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql GRANT ALL PRIVILEGES ON *.* TO [EMAIL PROTECTED] - IDENTIFIED BY 'cludiana' WITH GRANT OPTION; ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql Regards from:Lars Torben Wilson [EMAIL PROTECTED] date:Wed, 18 Jun 2003 01:17:15 to: [EMAIL PROTECTED] cc: [EMAIL PROTECTED] subject: Re: [PHP] MySQL Connection On Tue, 2003-06-17 at 17:13, [EMAIL PROTECTED] wrote: Hello, Would be grateful if someone couldkindly point me in the right direction. Check the MySQL documentation. You also might want to ask on the MySQL mailing list. http://www.mysql.com/doc/en/Default_privileges.html http://www.mysql.com/doc/en/Access_denied.html It appears, however, that mysqld is not recognizing the authority of whoever you're connected as to modify the grant tables. Try connecting as the admin user. Good luck, Torben Whenever I try to connect to mysql server, I get these messsage back 1. mysql GRANT ALL PRIVILEGES ON *.* TO moses@% IDENTIFIED BY cludiana; ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql 2. mysql GRANT ALL PRIVILEGES ON *.* TO moses@% IDENTIFIED BY cludiana; ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql what could be wrong. Help please . Regards Moses -- Torben Wilson [EMAIL PROTECTED]+1.604.709.0506 http://www.thebuttlesschaps.com http://www.inflatableeye.com http://www.hybrid17.com http://www.themainonmain.com - Boycott Starbucks! http://www.haidabuckscafe.com - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySQL Connection
this is a mysql specific question i think u have to go flush privileges; after you do that Hello, This seems not to be working, I am using win2000 and a newbie. please simplify this process. ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql GRANT ALL PRIVILEGES ON *.* TO [EMAIL PROTECTED] - IDENTIFIED BY 'cludiana' WITH GRANT OPTION; ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql Regards from:Lars Torben Wilson [EMAIL PROTECTED] date:Wed, 18 Jun 2003 01:17:15 to: [EMAIL PROTECTED] cc: [EMAIL PROTECTED] subject: Re: [PHP] MySQL Connection On Tue, 2003-06-17 at 17:13, [EMAIL PROTECTED] wrote: Hello, Would be grateful if someone couldkindly point me in the right direction. Check the MySQL documentation. You also might want to ask on the MySQL mailing list. http://www.mysql.com/doc/en/Default_privileges.html http://www.mysql.com/doc/en/Access_denied.html It appears, however, that mysqld is not recognizing the authority of whoever you're connected as to modify the grant tables. Try connecting as the admin user. Good luck, Torben Whenever I try to connect to mysql server, I get these messsage back 1. mysql GRANT ALL PRIVILEGES ON *.* TO moses@% IDENTIFIED BY cludiana; ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql 2. mysql GRANT ALL PRIVILEGES ON *.* TO moses@% IDENTIFIED BY cludiana; ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql what could be wrong. Help please . Regards Moses -- Torben Wilson [EMAIL PROTECTED]+1.604.709.0506 http://www.thebuttlesschaps.com http://www.inflatableeye.com http://www.hybrid17.com http://www.themainonmain.com - Boycott Starbucks! http://www.haidabuckscafe.com - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySQL Connection
On Tue, 2003-06-17 at 18:19, [EMAIL PROTECTED] wrote: Hello, This seems not to be working, I am using win2000 and a newbie. please simplify this process. ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql GRANT ALL PRIVILEGES ON *.* TO [EMAIL PROTECTED] - IDENTIFIED BY 'cludiana' WITH GRANT OPTION; ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql Regards You've read the MySQL documentation, right? If not, do so. Trust me. You'll need it. Right now it looks like you need this section: http://www.mysql.com/doc/en/General_security.html Also, I was serious when I suggested asking on the MySQL mailing list. This list is for PHP. Finally, when you do ask, be sure to provide some more information. You need to tell them what you've done so far, where on the network the database server is, and your username when logged in. Good luck, Torben -- Torben Wilson [EMAIL PROTECTED]+1.604.709.0506 http://www.thebuttlesschaps.com http://www.inflatableeye.com http://www.hybrid17.com http://www.themainonmain.com - Boycott Starbucks! http://www.haidabuckscafe.com - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP-MySQL connection problem
My server is running on shared server which has support for PHP 4.1.2. I installed mySQL for our shared server. I also installed phpMyAdmin. Both are running properly. But I am facing following problems 1) If there is any error in the script - It is not getting displayed - screen is becoming blank, so it is becoming very difficult for me to make out any mistake. Check the php.ini values (or use ?php phpinfo();? to see what your values are for error_reporting and error_logging and display_errors. Your errors may be going into the Apache error log or even some other separate log where they belong. If so, your ISP is to be commended for their vigilance and Security focus. 2) I am trying to send email - but not getting any email. This is the script ? $mailBody = This is one line \ n This is a second line \n\n this is a third line; For one thing use \r\n not just \n. Spec. $boolMail = mail ([EMAIL PROTECTED], Test mail, $mailBody); print (Email has been send ); ? I am getting print statement but not the mail. Any extra settings are required ? if ($boolMail){ print Email has been queued.BR\n; } else{ print Couldn't even queue email, much less send it!BR\n; } Check your sendmail logs to see what's going on. Also check the sendmail and SMTP settings in php.ini (or ?php phpinfo();? and see if they make sense. Also ask your ISP if PHP (user 'nobody', probably) is even *ALLOWED* to send email. Maybe not. If they were paranoid enough to fix the logging, they may have dis-allowed PHP to send email. -- Like Music? http://l-i-e.com/artists.htm I'm looking for a PRO QUALITY two-input sound card supported by Linux (any major distro). Need to record live events (mixed already) to stereo CD-quality. Soundcard Recommendations? Software to handle the recording? Don't need fancy mixer stuff. Zero (0) post-production time. Just raw PCM/WAV/AIFF 16+ bit, 44.1KHz, Stereo audio-to-disk. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySQL Connection Error - mysql_select_db
31/03/2002 01:02:04, Patrick Hartnett [EMAIL PROTECTED] wrote: You Need to use the command Mysql_Select_Db($db_name) Or Die(Unable to connect!); after connect with mysql I use something like this: mysql_connect($db_host, $db_user, $db_pass) or die (Unable to connect!); Mysql_Select_Db($db_name) Or Die(Unable to connect!); I don't use a $connection like var. here is a function used to authenticate users against mysql database. Problem is, I am not connecting for some reason. I have the db variables: $db_host $db_user $db_pass $db_name They are populated from an include (x.php) in the beginning of the php section. It is getting past the connect statement, but it is not selecting the proper database, and gives a: Error in query: No Database Selected in the error trap below (die). Any ideas what is wrong? Am I missing some syntax, or what? Thanks. Patrick ## function authenticate($user, $pass) { // check login and password // connect and execute query $connection = mysql_connect($db_host, $db_user, $db_pass) or die (Unable to connect!); $query = SELECT id from users WHERE username = '$user' AND password = PASSWORD('$pass'); mysql_select_db($db_name); //mysql_select_db(devweb); --what it should be, from file $result = mysql_query($query, $connection) or die (Error in query: . mysql_error()); // if row exists - user/pass combination is correct if (mysql_num_rows($result) == 1) { return 1; } // user/pass combination is wrong else { return 0; } } _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySQL Connection Error - mysql_select_db
I don't think those variables are readable in the function. Not totally sure though. Tyler Longren Captain Jack Communications [EMAIL PROTECTED] www.captainjack.com - Original Message - From: Patrick Hartnett [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, March 30, 2002 10:02 PM Subject: [PHP] MySQL Connection Error - mysql_select_db here is a function used to authenticate users against mysql database. Problem is, I am not connecting for some reason. I have the db variables: $db_host $db_user $db_pass $db_name They are populated from an include (x.php) in the beginning of the php section. It is getting past the connect statement, but it is not selecting the proper database, and gives a: Error in query: No Database Selected in the error trap below (die). Any ideas what is wrong? Am I missing some syntax, or what? Thanks. Patrick ## function authenticate($user, $pass) { // check login and password // connect and execute query $connection = mysql_connect($db_host, $db_user, $db_pass) or die (Unable to connect!); $query = SELECT id from users WHERE username = '$user' AND password = PASSWORD('$pass'); mysql_select_db($db_name); //mysql_select_db(devweb); --what it should be, from file $result = mysql_query($query, $connection) or die (Error in query: . mysql_error()); // if row exists - user/pass combination is correct if (mysql_num_rows($result) == 1) { return 1; } // user/pass combination is wrong else { return 0; } } _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Mysql Connection
Hey Uma call to undefined function, well thats exactly what it means (it doesnt like the function specified eg mysql_connect)this means that your php installation does not have support for mysql. You can check this with the following ?php phpinfo(); ? run this via a browser and check the config of php... it should say --with-mysql heres an examle of the config section it gives Configure Command './configure' 'i386-redhat-linux' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--prefix=/usr' '--with-config-file-path=/etc' '--disable-debug' '--enable-pic' '--disable-rpath' '--enable-inline-optimization' '--with-apxs=/usr/sbin/apxs' '--with-bz2' '--with-curl' '--with-db3' '--with-dom' '--with-exec-dir=/usr/bin' '--with-gd' '--with-gdbm' '--with-gettext' '--with-jpeg-dir=/usr' '--with-mm' '--with-openssl' '--with-png' '--with-regex=system' '--with-ttf' '--with-zlib' '--with-layout=GNU' '--enable-debugger' '--enable-ftp' '--enable-magic-quotes' '--enable-safe-mode' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-track-vars' '--enable-yp' '--enable-wddx' '--with-mysql' '--without-unixODBC' '--without-oracle' '--without-oci8' '--with-pspell' '--with-xml' You will need to recompile php to use mysql Hope this answers your question, and once recompiled your mysql_connect() function should work like a charm... C-Ya Chris -Original Message- From: Uma Shankari T. [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 29, 2002 8:33 AM To: [EMAIL PROTECTED] Subject: [PHP] Mysql Connection Hello, I have installed php3 in my system.I want to connect with mysql.I have given this code $link=mysql_connect(localhost,username,password) or die(could not connect); but it is giving Fatal error: Call to undefined function: mysql_connect() Why it is showing like. Mysql is also running Any one came to know this tell me as soon as possible Regards, Uma -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Mysql Connection
On Tuesday 29 January 2002 15:29, Uma Shankari T. wrote: Hello, How do i check php support mysql.. If any one came to know this tell me... You have already been told how to. See the posting by Chris in response to your posting about the same question just a little while ago. -- Jason Wong - Gremlins Associates - www.gremlins.com.hk /* Hard reality has a way of cramping your style. -- Daniel Dennett */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] MySQL connection
If I use extention .inc for including my connection- variables file then browser attempts to download this file which is not better then first. I searched the net on this topic and found a LOT of information about this problem and the best that I found is here I just want you to be aware of this problem It's common knowledge that you should NOT put your database user+PW into your HTML root. Using .inc means Apache (or whatever kind of server you're using) isn't going to parse the file through php. This has been discussed on this and other php related lists.. just have a look in the archive and you'll see.. Don't want to sound nasty harsh or whatever you want to call it but I think most tutorials will say something about it. I would suggest you read those before you send messages to this or any other list.. The archive is a great resource too. Remember.. you're most certainly not the first person who uses PHP to connect to MySQL.. most if not all issues you think you have found has been seen by others. Searching the archive and reading tutorials will keep you from burning bandwith and space for a non-issue. Have fun. Bye, B. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] MySQL connection
I have tested again what I said yesterday and found that if I have problems in PHP support in Apache then all my information (username and password) are seing simly on the screen, so it's not about dead SQL server but PHP. However, I went through all docs that I have on this topic and found that the only solution of this is to put included connect.php/inc outside of htdocs directory and configure your php.ini such a way that one outsider directory would be accepted and only by php call. Hope I didn't mess up this time so you are able to understand what I mean... =)) Thank you for the help anyway, just be aware of this PHP prob when you pick up provider. Youri On 8 Aug 2001, at 19:33, Attila Strauss wrote: hi, there are 2 ways. 1. you hardcore the user/password in the php.ini file. 2. u do a simply error checking like : ?php $connect = mysql_connect($host, $user, $pass); if(!$connect) { print connection failed; } ? of course you could also do like kindaheader(Location: http://host;); instead of print connection failed. i hope i could help you. best regards attila strauss Hey Jouri, I don't agree with this one. I tested it out on my localhost and got the two error messages I told you I was going to get: Warning: Unknown MySQL Server Host... Warning: MySQL Connection Failed... No usernames/passwords. I have to say however that I always include my connect.php file. Maybe that's a secure way to connect without anyone seeing your password in case of sqlserver problems. Greetz, Bjorn Van Simaeys www.bvsenterprises.com --- BRACK [EMAIL PROTECTED] wrote: If you have Apache and MySQL servers make this experiment - start Apache but forget to start SQL and go to your site http://localhost/... you will see yourself all the information on the screen. Youri On 7 Aug 2001, at 12:53, Ryan Christensen wrote: I'm curious as to how the hacker would see all this information (the username.. password, etc..) just by going to a site where the SQL backend was down? Ryan -Original Message- From: BRACK [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 07, 2001 12:36 PM To: [EMAIL PROTECTED] Subject: [PHP] MySQL connection I just wanned to bring the issue of security of MySQL connection: Let us imagine that SQL server was down for some hours (of course without us knowing it) and at the same hours our SQL site was visited by some kind of hacker, he can s ee on his screen all our SQL connection info like username, password, and database name. You may hide this information in different file than the file that your users open then the hacker will see something like include(connect.inc); or require(connect.inc); (of course IF server is down). So you may only imagine the consequences of this visit of the hacker. What can we do to protect our sensitive information if SQL server is down? Youri -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] MySQL connection
Hi All, Also a good advice is to restrict the access to the files where you include your login/pass. Give permissions to only the PHP user, I mean the user that runs the php process (in unix/linux make a ps axu and look at the user column). Then change the file permissions to just that user (unix chown and chmod, more info 'man chmod' and 'man chown'). If you are using W9x/ME you're out of luck. Hope this helps. Sean C. McCarthy SCI, S.L. (www.sci-spain.com) BRACK wrote: I have tested again what I said yesterday and found that if I have problems in PHP support in Apache then all my information (username and password) are seing simly on the screen, so it's not about dead SQL server but PHP. However, I went through all docs that I have on this topic and found that the only solution of this is to put included connect.php/inc outside of htdocs directory and configure your php.ini such a way that one outsider directory would be accepted and only by php call. Hope I didn't mess up this time so you are able to understand what I mean... =)) Thank you for the help anyway, just be aware of this PHP prob when you pick up provider. Youri On 8 Aug 2001, at 19:33, Attila Strauss wrote: hi, there are 2 ways. 1. you hardcore the user/password in the php.ini file. 2. u do a simply error checking like : ?php $connect = mysql_connect($host, $user, $pass); if(!$connect) { print connection failed; } ? of course you could also do like kindaheader(Location: http://host;); instead of print connection failed. i hope i could help you. best regards attila strauss Hey Jouri, I don't agree with this one. I tested it out on my localhost and got the two error messages I told you I was going to get: Warning: Unknown MySQL Server Host... Warning: MySQL Connection Failed... No usernames/passwords. I have to say however that I always include my connect.php file. Maybe that's a secure way to connect without anyone seeing your password in case of sqlserver problems. Greetz, Bjorn Van Simaeys www.bvsenterprises.com --- BRACK [EMAIL PROTECTED] wrote: If you have Apache and MySQL servers make this experiment - start Apache but forget to start SQL and go to your site http://localhost/... you will see yourself all the information on the screen. Youri On 7 Aug 2001, at 12:53, Ryan Christensen wrote: I'm curious as to how the hacker would see all this information (the username.. password, etc..) just by going to a site where the SQL backend was down? Ryan -Original Message- From: BRACK [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 07, 2001 12:36 PM To: [EMAIL PROTECTED] Subject: [PHP] MySQL connection I just wanned to bring the issue of security of MySQL connection: Let us imagine that SQL server was down for some hours (of course without us knowing it) and at the same hours our SQL site was visited by some kind of hacker, he can s ee on his screen all our SQL connection info like username, password, and database name. You may hide this information in different file than the file that your users open then the hacker will see something like include(connect.inc); or require(connect.inc); (of course IF server is down). So you may only imagine the consequences of this visit of the hacker. What can we do to protect our sensitive information if SQL server is down? Youri -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands,
RE: [PHP] MySQL connection
How exactly is the username/password from the mysql_connect() call shown to the browser? I normally just get a PHP error when the db connection can't be made. No code is shown, just a line number. If, in your case, PHP dumps the source code to the browser window when the db connection won't work, then something has to be wrong. :) --Matt -Original Message- From: BRACK [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 09, 2001 5:57 AM To: Attila Strauss Cc: [EMAIL PROTECTED] Subject: Re: [PHP] MySQL connection I have tested again what I said yesterday and found that if I have problems in PHP support in Apache then all my information (username and password) are seing simly on the screen, so it's not about dead SQL server but PHP. However, I went through all docs that I have on this topic and found that the only solution of this is to put included connect.php/inc outside of htdocs directory and configure your php.ini such a way that one outsider directory would be accepted and only by php call. Hope I didn't mess up this time so you are able to understand what I mean... =)) Thank you for the help anyway, just be aware of this PHP prob when you pick up provider. Youri On 8 Aug 2001, at 19:33, Attila Strauss wrote: hi, there are 2 ways. 1. you hardcore the user/password in the php.ini file. 2. u do a simply error checking like : ?php $connect = mysql_connect($host, $user, $pass); if(!$connect) { print connection failed; } ? of course you could also do like kindaheader(Location: http://host;); instead of print connection failed. i hope i could help you. best regards attila strauss Hey Jouri, I don't agree with this one. I tested it out on my localhost and got the two error messages I told you I was going to get: Warning: Unknown MySQL Server Host... Warning: MySQL Connection Failed... No usernames/passwords. I have to say however that I always include my connect.php file. Maybe that's a secure way to connect without anyone seeing your password in case of sqlserver problems. Greetz, Bjorn Van Simaeys www.bvsenterprises.com --- BRACK [EMAIL PROTECTED] wrote: If you have Apache and MySQL servers make this experiment - start Apache but forget to start SQL and go to your site http://localhost/... you will see yourself all the information on the screen. Youri On 7 Aug 2001, at 12:53, Ryan Christensen wrote: I'm curious as to how the hacker would see all this information (the username.. password, etc..) just by going to a site where the SQL backend was down? Ryan -Original Message- From: BRACK [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 07, 2001 12:36 PM To: [EMAIL PROTECTED] Subject: [PHP] MySQL connection I just wanned to bring the issue of security of MySQL connection: Let us imagine that SQL server was down for some hours (of course without us knowing it) and at the same hours our SQL site was visited by some kind of hacker, he can s ee on his screen all our SQL connection info like username, password, and database name. You may hide this information in different file than the file that your users open then the hacker will see something like include(connect.inc); or require(connect.inc); (of course IF server is down). So you may only imagine the consequences of this visit of the hacker. What can we do to protect our sensitive information if SQL server is down? Youri -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] MySQL connection
Hey Youri, Could you let us know what file extension you use for you php files? And give us the exact code/error message you get on screen. Of course you can hide your username/pass with x. Thanks Bjorn Van Simaeys www.bvsenterprises.com --- Matthew Loff [EMAIL PROTECTED] wrote: How exactly is the username/password from the mysql_connect() call shown to the browser? I normally just get a PHP error when the db connection can't be made. No code is shown, just a line number. If, in your case, PHP dumps the source code to the browser window when the db connection won't work, then something has to be wrong. :) --Matt -Original Message- From: BRACK [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 09, 2001 5:57 AM To: Attila Strauss Cc: [EMAIL PROTECTED] Subject: Re: [PHP] MySQL connection I have tested again what I said yesterday and found that if I have problems in PHP support in Apache then all my information (username and password) are seing simly on the screen, so it's not about dead SQL server but PHP. However, I went through all docs that I have on this topic and found that the only solution of this is to put included connect.php/inc outside of htdocs directory and configure your php.ini such a way that one outsider directory would be accepted and only by php call. Hope I didn't mess up this time so you are able to understand what I mean... =)) Thank you for the help anyway, just be aware of this PHP prob when you pick up provider. Youri On 8 Aug 2001, at 19:33, Attila Strauss wrote: hi, there are 2 ways. 1. you hardcore the user/password in the php.ini file. 2. u do a simply error checking like : ?php $connect = mysql_connect($host, $user, $pass); if(!$connect) { print connection failed; } ? of course you could also do like kinda header(Location: http://host;); instead of print connection failed. i hope i could help you. best regards attila strauss Hey Jouri, I don't agree with this one. I tested it out on my localhost and got the two error messages I told you I was going to get: Warning: Unknown MySQL Server Host... Warning: MySQL Connection Failed... No usernames/passwords. I have to say however that I always include my connect.php file. Maybe that's a secure way to connect without anyone seeing your password in case of sqlserver problems. Greetz, Bjorn Van Simaeys www.bvsenterprises.com --- BRACK [EMAIL PROTECTED] wrote: If you have Apache and MySQL servers make this experiment - start Apache but forget to start SQL and go to your site http://localhost/... you will see yourself all the information on the screen. Youri On 7 Aug 2001, at 12:53, Ryan Christensen wrote: I'm curious as to how the hacker would see all this information (the username.. password, etc..) just by going to a site where the SQL backend was down? Ryan -Original Message- From: BRACK [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 07, 2001 12:36 PM To: [EMAIL PROTECTED] Subject: [PHP] MySQL connection I just wanned to bring the issue of security of MySQL connection: Let us imagine that SQL server was down for some hours (of course without us knowing it) and at the same hours our SQL site was visited by some kind of hacker, he can s ee on his screen all our SQL connection info like username, password, and database name. You may hide this information in different file than the file that your users open then the hacker will see something like include(connect.inc); or require(connect.inc); (of course IF server is down). So you may only imagine the consequences of this visit of the hacker. What can we do to protect our sensitive information if SQL server is down? Youri -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] === message truncated === __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL
RE: [PHP] MySQL connection
Ohh, I don't get any error messages, BUT if I have my php functions not working properly I can see the sourse of php code on my browser. If I use extention .inc for including my connection- variables file then browser attempts to download this file which is not better then first. I searched the net on this topic and found a LOT of information about this problem and the best that I found is here I just want you to be aware of this problem, play with your server to understand my worry: FROM: Johnny Withers DATE: 04/30/2001 08:21:46 SUBJECT: RE: Password security Put it in an include file, like.. dbconnect.inc Then add this to your httpd.conf file: Files ~ \.inc$ Order allow,deny Deny from all /Files keeps people from downloading your .inc files. And also, make the .inc file readable only by the web server and no one else. Cheers. - Johnny Withers EMAIL: PROTECTED p. 601.853.0211 c. 601.209.4985 -Original Message- From: oltra jean-michel [mailto:EMAIL: PROTECTED] Sent: Monday, April 30, 2001 10:03 AM To: Philippe Louis Houze Cc: EMAIL: PROTECTED Subject: Re: Password security On Sun, 29 Apr 2001, Philippe Louis Houze wrote: Date: Sun, 29 Apr 2001 10:56:52 -0400 From: Philippe Louis Houze EMAIL: PROTECTED To: EMAIL: PROTECTED Subject: Re: Password security Hi, How do you keep MySQL password out of view of visitors when needed in PHP to access the db. The password is in plain english in all the php files, and can be easily downloaded by anyone. Philippe ex: ? mysql_connect(host, user, password); mysql_select_db(database); ? ? include(variables.php3); $link = mysql_connect($db_server,$db_login,$db_password); mysql_select_db($db,$link); ? and in variables.php3 file ? $db_server = host; $db_login = user; $db_password = mypassword; $db = database; ? and protect include-directory with .htaccess -- jean-michel - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail EMAIL: PROTECTED To unsubscribe, e-mail mysql-unsubscribe-johnny=EMAIL: PROTECTED Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail EMAIL: PROTECTED To unsubscribe, e-mail mysql-unsubscribe-archiver=EMAIL: PROTECTED Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php On 9 Aug 2001, at 13:04, Bjorn Van Simaeys wrote: Hey Youri, Could you let us know what file extension you use for you php files? And give us the exact code/error message you get on screen. Of course you can hide your username/pass with x. Thanks Bjorn Van Simaeys www.bvsenterprises.com --- Matthew Loff [EMAIL PROTECTED] wrote: How exactly is the username/password from the mysql_connect() call shown to the browser? I normally just get a PHP error when the db connection can't be made. No code is shown, just a line number. If, in your case, PHP dumps the source code to the browser window when the db connection won't work, then something has to be wrong. :) --Matt -Original Message- From: BRACK [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 09, 2001 5:57 AM To: Attila Strauss Cc: [EMAIL PROTECTED] Subject: Re: [PHP] MySQL connection I have tested again what I said yesterday and found that if I have problems in PHP support in Apache then all my information (username and password) are seing simly on the screen, so it's not about dead SQL server but PHP. However, I went through all docs that I have on this topic and found that the only solution of this is to put included connect.php/inc outside of htdocs directory and configure your php.ini such a way that one outsider directory would be accepted and only by php call. Hope I didn't mess up this time so you are able to understand what I mean... =)) Thank you for the help anyway, just be aware of this PHP prob when you pick up provider. Youri On 8 Aug 2001, at 19:33, Attila Strauss wrote: hi, there are 2 ways. 1. you hardcore the user/password in the php.ini file. 2. u do a simply error checking like : ?php $connect = mysql_connect($host, $user, $pass); if(!$connect) { print connection failed; } ? of course you could also do like kinda header(Location: http://host;); instead of print connection failed. i hope i could help you. best regards attila strauss Hey Jouri, I don't agree with this one. I tested it out on my localhost and got the two error messages I told you I was going to get
Re: [PHP] MySQL connection
Yes that is what I mean, but also When I played with my Apache I saw ALL my information on the screen without any error message. Actually it maybe that my PHP server was down at that moment as well, well, I must check it up Youri On 7 Aug 2001, at 13:00, Bjorn Van Simaeys wrote: Hi, I think BRACK a.k.a. Jouri means that the connection string (from the PHP pages) would be visible in the client's browser once the SQL server stops running. However, I am not so sure about this as all commands are processed on the server - it will, however display an error message that the SQL server is inaccessible. Greetz, Bjorn Van Simaeys www.bvsenterprises.com --- Tyler Longren [EMAIL PROTECTED] wrote: If the SQL server is down how will he hack it? That's like hacking a webserver that doesn't exist. Tyler Longren Captain Jack Communications [EMAIL PROTECTED] www.captainjack.com On Tue, 7 Aug 2001 21:35:58 +0200 BRACK [EMAIL PROTECTED] wrote: I just wanned to bring the issue of security of MySQL connection: Let us imagine that SQL server was down for some hours (of course without us knowing it) and at the same hours our SQL site was visited by some kind of hacker, he can see on his screen all our SQL connection info like username, password, and database name. You may hide this information in different file than the file that your users open then the hacker will see something like include(connect.inc); or require(connect.inc); (of course IF server is down). So you may only imagine the consequences of this visit of the hacker. What can we do to protect our sensitive information if SQL server is down? Youri -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ God is our provider http://www.body-builders.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] MySQL connection
I mean he will know all your sensitive information to enter your SQL server in couple of hours when server will be up again. Youri On 7 Aug 2001, at 14:40, Tyler Longren wrote: If the SQL server is down how will he hack it? That's like hacking a webserver that doesn't exist. Tyler Longren Captain Jack Communications [EMAIL PROTECTED] www.captainjack.com On Tue, 7 Aug 2001 21:35:58 +0200 BRACK [EMAIL PROTECTED] wrote: I just wanned to bring the issue of security of MySQL connection: Let us imagine that SQL server was down for some hours (of course without us knowing it) and at the same hours our SQL site was visited by some kind of hacker, he can see on his screen all our SQL connection info like username, password, and database name. You may hide this information in different file than the file that your users open then the hacker will see something like include(connect.inc); or require(connect.inc); (of course IF server is down). So you may only imagine the consequences of this visit of the hacker. What can we do to protect our sensitive information if SQL server is down? Youri -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] MySQL connection
If you have Apache and MySQL servers make this experiment - start Apache but forget to start SQL and go to your site http://localhost/... you will see yourself all the information on the screen. Youri On 7 Aug 2001, at 12:53, Ryan Christensen wrote: I'm curious as to how the hacker would see all this information (the username.. password, etc..) just by going to a site where the SQL backend was down? Ryan -Original Message- From: BRACK [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 07, 2001 12:36 PM To: [EMAIL PROTECTED] Subject: [PHP] MySQL connection I just wanned to bring the issue of security of MySQL connection: Let us imagine that SQL server was down for some hours (of course without us knowing it) and at the same hours our SQL site was visited by some kind of hacker, he can see on his screen all our SQL connection info like username, password, and database name. You may hide this information in different file than the file that your users open then the hacker will see something like include(connect.inc); or require(connect.inc); (of course IF server is down). So you may only imagine the consequences of this visit of the hacker. What can we do to protect our sensitive information if SQL server is down? Youri -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] MySQL connection
Hey Jouri, I don't agree with this one. I tested it out on my localhost and got the two error messages I told you I was going to get: Warning: Unknown MySQL Server Host... Warning: MySQL Connection Failed... No usernames/passwords. I have to say however that I always include my connect.php file. Maybe that's a secure way to connect without anyone seeing your password in case of sqlserver problems. Greetz, Bjorn Van Simaeys www.bvsenterprises.com --- BRACK [EMAIL PROTECTED] wrote: If you have Apache and MySQL servers make this experiment - start Apache but forget to start SQL and go to your site http://localhost/... you will see yourself all the information on the screen. Youri On 7 Aug 2001, at 12:53, Ryan Christensen wrote: I'm curious as to how the hacker would see all this information (the username.. password, etc..) just by going to a site where the SQL backend was down? Ryan -Original Message- From: BRACK [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 07, 2001 12:36 PM To: [EMAIL PROTECTED] Subject: [PHP] MySQL connection I just wanned to bring the issue of security of MySQL connection: Let us imagine that SQL server was down for some hours (of course without us knowing it) and at the same hours our SQL site was visited by some kind of hacker, he can see on his screen all our SQL connection info like username, password, and database name. You may hide this information in different file than the file that your users open then the hacker will see something like include(connect.inc); or require(connect.inc); (of course IF server is down). So you may only imagine the consequences of this visit of the hacker. What can we do to protect our sensitive information if SQL server is down? Youri -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] MySQL connection
hi, there are 2 ways. 1. you hardcore the user/password in the php.ini file. 2. u do a simply error checking like : ?php $connect = mysql_connect($host, $user, $pass); if(!$connect) { print connection failed; } ? of course you could also do like kindaheader(Location: http://host;); instead of print connection failed. i hope i could help you. best regards attila strauss Hey Jouri, I don't agree with this one. I tested it out on my localhost and got the two error messages I told you I was going to get: Warning: Unknown MySQL Server Host... Warning: MySQL Connection Failed... No usernames/passwords. I have to say however that I always include my connect.php file. Maybe that's a secure way to connect without anyone seeing your password in case of sqlserver problems. Greetz, Bjorn Van Simaeys www.bvsenterprises.com --- BRACK [EMAIL PROTECTED] wrote: If you have Apache and MySQL servers make this experiment - start Apache but forget to start SQL and go to your site http://localhost/... you will see yourself all the information on the screen. Youri On 7 Aug 2001, at 12:53, Ryan Christensen wrote: I'm curious as to how the hacker would see all this information (the username.. password, etc..) just by going to a site where the SQL backend was down? Ryan -Original Message- From: BRACK [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 07, 2001 12:36 PM To: [EMAIL PROTECTED] Subject: [PHP] MySQL connection I just wanned to bring the issue of security of MySQL connection: Let us imagine that SQL server was down for some hours (of course without us knowing it) and at the same hours our SQL site was visited by some kind of hacker, he can s ee on his screen all our SQL connection info like username, password, and database name. You may hide this information in different file than the file that your users open then the hacker will see something like include(connect.inc); or require(connect.inc); (of course IF server is down). So you may only imagine the consequences of this visit of the hacker. What can we do to protect our sensitive information if SQL server is down? Youri -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] MySQL connection
Ha ha... hardcore the user/password Sorry... I realize you gave a good answer, just had to laugh. :) -Original Message- From: Attila Strauss [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 08, 2001 1:33 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] MySQL connection hi, there are 2 ways. 1. you hardcore the user/password in the php.ini file. 2. u do a simply error checking like : ?php $connect = mysql_connect($host, $user, $pass); if(!$connect) { print connection failed; } ? of course you could also do like kindaheader(Location: http://host;); instead of print connection failed. i hope i could help you. best regards attila strauss Hey Jouri, I don't agree with this one. I tested it out on my localhost and got the two error messages I told you I was going to get: Warning: Unknown MySQL Server Host... Warning: MySQL Connection Failed... No usernames/passwords. I have to say however that I always include my connect.php file. Maybe that's a secure way to connect without anyone seeing your password in case of sqlserver problems. Greetz, Bjorn Van Simaeys www.bvsenterprises.com --- BRACK [EMAIL PROTECTED] wrote: If you have Apache and MySQL servers make this experiment - start Apache but forget to start SQL and go to your site http://localhost/... you will see yourself all the information on the screen. Youri On 7 Aug 2001, at 12:53, Ryan Christensen wrote: I'm curious as to how the hacker would see all this information (the username.. password, etc..) just by going to a site where the SQL backend was down? Ryan -Original Message- From: BRACK [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 07, 2001 12:36 PM To: [EMAIL PROTECTED] Subject: [PHP] MySQL connection I just wanned to bring the issue of security of MySQL connection: Let us imagine that SQL server was down for some hours (of course without us knowing it) and at the same hours our SQL site was visited by some kind of hacker, he can s ee on his screen all our SQL connection info like username, password, and database name. You may hide this information in different file than the file that your users open then the hacker will see something like include(connect.inc); or require(connect.inc); (of course IF server is down). So you may only imagine the consequences of this visit of the hacker. What can we do to protect our sensitive information if SQL server is down? Youri -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] MySQL connection
If the SQL server is down how will he hack it? That's like hacking a webserver that doesn't exist. Tyler Longren Captain Jack Communications [EMAIL PROTECTED] www.captainjack.com On Tue, 7 Aug 2001 21:35:58 +0200 BRACK [EMAIL PROTECTED] wrote: I just wanned to bring the issue of security of MySQL connection: Let us imagine that SQL server was down for some hours (of course without us knowing it) and at the same hours our SQL site was visited by some kind of hacker, he can see on his screen all our SQL connection info like username, password, and database name. You may hide this information in different file than the file that your users open then the hacker will see something like include(connect.inc); or require(connect.inc); (of course IF server is down). So you may only imagine the consequences of this visit of the hacker. What can we do to protect our sensitive information if SQL server is down? Youri -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] MySQL connection
I'm curious as to how the hacker would see all this information (the username.. password, etc..) just by going to a site where the SQL backend was down? Ryan -Original Message- From: BRACK [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 07, 2001 12:36 PM To: [EMAIL PROTECTED] Subject: [PHP] MySQL connection I just wanned to bring the issue of security of MySQL connection: Let us imagine that SQL server was down for some hours (of course without us knowing it) and at the same hours our SQL site was visited by some kind of hacker, he can see on his screen all our SQL connection info like username, password, and database name. You may hide this information in different file than the file that your users open then the hacker will see something like include(connect.inc); or require(connect.inc); (of course IF server is down). So you may only imagine the consequences of this visit of the hacker. What can we do to protect our sensitive information if SQL server is down? Youri -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Mysql connection problems
Warning: MySQL Connection Failed: Can't connect to MySQL server on 'localhost' (10061) in c:\arquivos de programas\apache group\apache\htdocs\db_connect.php on line 3 Couldn't connect. Is the MySQL deamon running? IE, is there a black MS-DOS window (maybe minimized) that has something not unlike this: C:\mysql\bin\mysqld.exe: ready for connections in it? If not, you need to open an MS-DOS window and cd to where-ever you installed MySQL and do "mysqld" and just let it sit there. It's not "hung", it's just waiting for you to do some MySQL stuff. Can you connect to the MySQL deamon using mysql monitor? IE, open an MS-DOS window and cd to where-ever you installed MySQL and do "mysql mysql" Then use \q to quit. Get MySQL up-and-running without trying to get PHP to talk to it first. -- Visit the Zend Store at http://www.zend.com/store/ Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]