Re: [PHP] MySQL Connection in Session ?
In most systems, database connections are pooled, meaning that when you give them up, they are not completely closed but the sql client software keeps them in a pool available for the next script asking for a similar connection, thus saving on the time to establish a connection.It is the connection between your script and the sql client that gets cut, the database does not know your script is gone, since the sql client doesn't tell it. For the pooling to work, it is necesary that all the connections requested have the same parameters, including user name and password. If you change username for each page, then the client software has to actually establish a connection for that user to retrieve the proper permisions. Of course, that connection would also be sent to the pool once the page is processed, but then the pool would soon fill up with many connections, one per username, each seldom used and in a really busy server, the connection would be dropped out of the pool before it gets a chance to be reused. Storing those many connection in session variables only moves the problem from having the sql client manage a large pool of little used connections to have PHP sessions do the same thing, far more inneficiently. The best thing is to make sure all connections you use are opened with exactly the same parameters, use just one connection for all the script (unless, of course, you actually have to connect to different databases) and let it go as fast as you can to give the next in line a chance to reuse it from the pool. Satyam - Original Message - From: PHP Mailing List [EMAIL PROTECTED] To: php-general@lists.php.net Sent: Monday, June 11, 2007 6:53 PM Subject: [PHP] MySQL Connection in Session ? Can I maintain just one mysql connection resource to all my pages per user session. As far as I knows create connection is more expensive than executing queries ? Any reference how to make efficient for connection resources ? Thanks, Dino -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.472 / Virus Database: 269.8.13/843 - Release Date: 10/06/2007 13:39 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySQL Connection in Session ?
PHP Mailing List wrote: Can I maintain just one mysql connection resource to all my pages per user session. As far as I knows create connection is more expensive than executing queries ? No, you can't store resources (of which mysql connections are one example) in sessions. Any reference how to make efficient for connection resources ? Making a connection to a MySQL database is a fairly expensive thing to do, but using persistant connections can make it a whole lot less problematic, but you may run into issues if you ever have multiple PHP boxes connecting to the same DB server depending on how your architecture works. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] MySql connection error on win XP for script that works on Freebsd 5.3
[snip] I have searched the mysql website and located an article which shows reference to this error indicating that the client may need to be upgraded but as I am using the mysql-5.0.13-rc-win32.zip package I am cautious about assuming that that is the actual cause. [/snip] http://us3.php.net/mysqli The mysqli extension allows you to access the functionality provided by MySQL 4.1 and above. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySql connection error on win XP for script that works on Freebsd 5.3
On Wednesday 26 October 2005 08:35, the author Jay Blanchard contributed to the dialogue on- RE: [PHP] MySql connection error on win XP for script that works on Freebsd 5.3: [snip] I have searched the mysql website and located an article which shows reference to this error indicating that the client may need to be upgraded but as I am using the mysql-5.0.13-rc-win32.zip package I am cautious about assuming that that is the actual cause. [/snip] http://us3.php.net/mysqli The mysqli extension allows you to access the functionality provided by MySQL 4.1 and above. Thanks for that -- I have decided to upgrade to 5.0.5 - I did see that file before posting but I think I must have got the wrong impression on first read thanks again david -- 40 yrs navigating and computing in blue waters. English Owner Captain of British Registered 60' bluewater Ketch S/V Taurus. Currently in San Diego, CA. Sailing bound for Europe via Panama Canal after completing engineroom refit. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySQL Connection
I think you've just answered your own question here: I get a Can't Connect to MySQL Server error. I am not sure if it is localhost, since my webserver is on a different machine with a different name. The MySQL installation is on a different machine, separate from the web server with its own machine name. Your mysql_connect call should be to the ip address or hostname of the machine running mysqld. Make sure that mysql is configured to allow user test to connect from the machine you're connecting from. Also, make sure that mysql is configured to accept network connections. Finally, make sure that any firewalls you have between the machines allow tcp/ip traffic on port 3306. Ian On Thu, 2004-03-04 at 22:38, [EMAIL PROTECTED] wrote: Hi There, I'm trying to establish a first time connection to MySQL running on Win 2000. I have loaded the application and have entered a user name and password. The code that I am entering to establish a connection is: ?php $conn=mysql_connect(localhost, test, test); Echo $conn; ? I get a Can't Connect to MySQL Server error. I am not sure if it is localhost, since my webserver is on a different machine with a different name. The MySQL installation is on a different machine, separate from the web server with its own machine name. I looked at the my.ini file and the username and password paramaters match. Also, the MySQL admin is showing the host info as localhost via TCP/IP. The version is 1.4 The Start Check is showing a yes for an ini file, Ok for MySQL server path key, datadir, and basedir. Any assistance from you would be greatly appreciated. Thanks, Shawn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySQL Connection Help
Robb Kerr wrote:
Ok, I feel like a complete bonehead because I can't seem to figure this
thing out. But, I readily welcome someone making me feel worse by pointing
out my simple mistake. I can't get DW to connect to a MySQL database on a
new server with which I'm working. I've worked with other servers and
haven't had a problem. I'm providing all of the connection and password
information so that you can help me - don't worry, I'll change all these
once I've solved the problem. BTW, I've also posted this in the Dreamweaver
newsgroups but they're not as helpful as this one, so please excuse the
fact that this is a ways off-topic.
[ snipped out passwords and login information ]
myPhpAdmin provides the following connection script which works...
?php $dbh=mysql_connect (localhost, quinn_tempdbuser, password) or
die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db (quinn_tempdb);
?
I have built a page which works fine when uploaded to the server...
http://quinnserver.com/dbcheck.php
Here's my question... What do I enter in DW's Testing Server and MySQL
Connection dialogues to be able to use the database and table during the
development phase without having to upload the pages to the server?
You need to setup your mysql server so that it accepts non-local
connections (by default mysql only listens on localhost).
Generally this can be done from your control panel application. Also, it
is never a good idea to give out your passwords in a public forum like this.
If you can't find the option in your control panel (I know cpanel has it
as a last option under the mysql section), you can ask your host to add
an alias for mysql.
--
Burhan Khalid
phplist[at]meidomus[dot]com
http://www.meidomus.com
---
Documentation is like sex: when it is good,
it is very, very good; and when it is bad,
it is better than nothing.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySQL Connection
Hello, Thanks it works now Regards Moses Hello, This seems not to be working, I am using win2000 and a newbie. please simplify this process. ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql GRANT ALL PRIVILEGES ON *.* TO [EMAIL PROTECTED] - IDENTIFIED BY 'cludiana' WITH GRANT OPTION; ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql Regards moses -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySQL Connection
On Tue, 2003-06-17 at 17:13, [EMAIL PROTECTED] wrote: Hello, Would be grateful if someone couldkindly point me in the right direction. Check the MySQL documentation. You also might want to ask on the MySQL mailing list. http://www.mysql.com/doc/en/Default_privileges.html http://www.mysql.com/doc/en/Access_denied.html It appears, however, that mysqld is not recognizing the authority of whoever you're connected as to modify the grant tables. Try connecting as the admin user. Good luck, Torben Whenever I try to connect to mysql server, I get these messsage back 1. mysql GRANT ALL PRIVILEGES ON *.* TO moses@% IDENTIFIED BY cludiana; ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql 2. mysql GRANT ALL PRIVILEGES ON *.* TO moses@% IDENTIFIED BY cludiana; ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql what could be wrong. Help please . Regards Moses -- Torben Wilson [EMAIL PROTECTED]+1.604.709.0506 http://www.thebuttlesschaps.com http://www.inflatableeye.com http://www.hybrid17.com http://www.themainonmain.com - Boycott Starbucks! http://www.haidabuckscafe.com - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySQL Connection
Hello, This seems not to be working, I am using win2000 and a newbie. please simplify this process. ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql GRANT ALL PRIVILEGES ON *.* TO [EMAIL PROTECTED] - IDENTIFIED BY 'cludiana' WITH GRANT OPTION; ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql Regards from:Lars Torben Wilson [EMAIL PROTECTED] date:Wed, 18 Jun 2003 01:17:15 to: [EMAIL PROTECTED] cc: [EMAIL PROTECTED] subject: Re: [PHP] MySQL Connection On Tue, 2003-06-17 at 17:13, [EMAIL PROTECTED] wrote: Hello, Would be grateful if someone couldkindly point me in the right direction. Check the MySQL documentation. You also might want to ask on the MySQL mailing list. http://www.mysql.com/doc/en/Default_privileges.html http://www.mysql.com/doc/en/Access_denied.html It appears, however, that mysqld is not recognizing the authority of whoever you're connected as to modify the grant tables. Try connecting as the admin user. Good luck, Torben Whenever I try to connect to mysql server, I get these messsage back 1. mysql GRANT ALL PRIVILEGES ON *.* TO moses@% IDENTIFIED BY cludiana; ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql 2. mysql GRANT ALL PRIVILEGES ON *.* TO moses@% IDENTIFIED BY cludiana; ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql what could be wrong. Help please . Regards Moses -- Torben Wilson [EMAIL PROTECTED]+1.604.709.0506 http://www.thebuttlesschaps.com http://www.inflatableeye.com http://www.hybrid17.com http://www.themainonmain.com - Boycott Starbucks! http://www.haidabuckscafe.com - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySQL Connection
this is a mysql specific question i think u have to go flush privileges; after you do that Hello, This seems not to be working, I am using win2000 and a newbie. please simplify this process. ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql GRANT ALL PRIVILEGES ON *.* TO [EMAIL PROTECTED] - IDENTIFIED BY 'cludiana' WITH GRANT OPTION; ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql Regards from:Lars Torben Wilson [EMAIL PROTECTED] date:Wed, 18 Jun 2003 01:17:15 to: [EMAIL PROTECTED] cc: [EMAIL PROTECTED] subject: Re: [PHP] MySQL Connection On Tue, 2003-06-17 at 17:13, [EMAIL PROTECTED] wrote: Hello, Would be grateful if someone couldkindly point me in the right direction. Check the MySQL documentation. You also might want to ask on the MySQL mailing list. http://www.mysql.com/doc/en/Default_privileges.html http://www.mysql.com/doc/en/Access_denied.html It appears, however, that mysqld is not recognizing the authority of whoever you're connected as to modify the grant tables. Try connecting as the admin user. Good luck, Torben Whenever I try to connect to mysql server, I get these messsage back 1. mysql GRANT ALL PRIVILEGES ON *.* TO moses@% IDENTIFIED BY cludiana; ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql 2. mysql GRANT ALL PRIVILEGES ON *.* TO moses@% IDENTIFIED BY cludiana; ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql what could be wrong. Help please . Regards Moses -- Torben Wilson [EMAIL PROTECTED]+1.604.709.0506 http://www.thebuttlesschaps.com http://www.inflatableeye.com http://www.hybrid17.com http://www.themainonmain.com - Boycott Starbucks! http://www.haidabuckscafe.com - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySQL Connection
On Tue, 2003-06-17 at 18:19, [EMAIL PROTECTED] wrote: Hello, This seems not to be working, I am using win2000 and a newbie. please simplify this process. ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql GRANT ALL PRIVILEGES ON *.* TO [EMAIL PROTECTED] - IDENTIFIED BY 'cludiana' WITH GRANT OPTION; ERROR 1045: Access denied for user: '@127.0.0.1' (Using password: NO) mysql Regards You've read the MySQL documentation, right? If not, do so. Trust me. You'll need it. Right now it looks like you need this section: http://www.mysql.com/doc/en/General_security.html Also, I was serious when I suggested asking on the MySQL mailing list. This list is for PHP. Finally, when you do ask, be sure to provide some more information. You need to tell them what you've done so far, where on the network the database server is, and your username when logged in. Good luck, Torben -- Torben Wilson [EMAIL PROTECTED]+1.604.709.0506 http://www.thebuttlesschaps.com http://www.inflatableeye.com http://www.hybrid17.com http://www.themainonmain.com - Boycott Starbucks! http://www.haidabuckscafe.com - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP-MySQL connection problem
My server is running on shared server which has support for PHP 4.1.2. I
installed mySQL for our shared server. I also installed phpMyAdmin. Both
are running properly. But I am facing following problems
1) If there is any error in the script - It is not getting displayed -
screen is becoming blank, so it is becoming very difficult for me to make
out any mistake.
Check the php.ini values (or use ?php phpinfo();? to see what your values
are for error_reporting and error_logging and display_errors.
Your errors may be going into the Apache error log or even some other
separate log where they belong.
If so, your ISP is to be commended for their vigilance and Security focus.
2) I am trying to send email - but not getting any email. This is the script
?
$mailBody = This is one line \ n This is a second line \n\n this is a
third line;
For one thing use \r\n not just \n.
Spec.
$boolMail = mail ([EMAIL PROTECTED], Test mail, $mailBody);
print (Email has been send );
?
I am getting print statement but not the mail. Any extra settings are
required ?
if ($boolMail){
print Email has been queued.BR\n;
}
else{
print Couldn't even queue email, much less send it!BR\n;
}
Check your sendmail logs to see what's going on.
Also check the sendmail and SMTP settings in php.ini (or ?php phpinfo();?
and see if they make sense.
Also ask your ISP if PHP (user 'nobody', probably) is even *ALLOWED* to send
email. Maybe not. If they were paranoid enough to fix the logging, they
may have dis-allowed PHP to send email.
--
Like Music? http://l-i-e.com/artists.htm
I'm looking for a PRO QUALITY two-input sound card supported by Linux (any
major distro). Need to record live events (mixed already) to stereo
CD-quality. Soundcard Recommendations?
Software to handle the recording? Don't need fancy mixer stuff. Zero (0)
post-production time. Just raw PCM/WAV/AIFF 16+ bit, 44.1KHz, Stereo
audio-to-disk.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySQL Connection Error - mysql_select_db
31/03/2002 01:02:04, Patrick Hartnett [EMAIL PROTECTED] wrote:
You Need to use the command
Mysql_Select_Db($db_name) Or Die(Unable to connect!);
after connect with mysql
I use something like this:
mysql_connect($db_host, $db_user, $db_pass) or die (Unable to connect!);
Mysql_Select_Db($db_name) Or Die(Unable to connect!);
I don't use a $connection like var.
here is a function used to authenticate users against mysql database.
Problem is, I am not connecting for some reason. I have the db variables:
$db_host
$db_user
$db_pass
$db_name
They are populated from an include (x.php) in the beginning of the php
section. It is getting past the connect statement, but it is not selecting
the proper database, and gives a:
Error in query: No Database Selected
in the error trap below (die). Any ideas what is wrong? Am I missing some
syntax, or what?
Thanks.
Patrick
##
function authenticate($user, $pass)
{
// check login and password
// connect and execute query
$connection = mysql_connect($db_host, $db_user, $db_pass) or die (Unable
to connect!);
$query = SELECT id from users WHERE username = '$user' AND password =
PASSWORD('$pass');
mysql_select_db($db_name);
//mysql_select_db(devweb); --what it should be, from file
$result = mysql_query($query, $connection) or die (Error in query: .
mysql_error());
// if row exists - user/pass combination is correct
if (mysql_num_rows($result) == 1)
{
return 1;
}
// user/pass combination is wrong
else
{
return 0;
}
}
_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySQL Connection Error - mysql_select_db
I don't think those variables are readable in the function. Not totally
sure though.
Tyler Longren
Captain Jack Communications
[EMAIL PROTECTED]
www.captainjack.com
- Original Message -
From: Patrick Hartnett [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, March 30, 2002 10:02 PM
Subject: [PHP] MySQL Connection Error - mysql_select_db
here is a function used to authenticate users against mysql database.
Problem is, I am not connecting for some reason. I have the db variables:
$db_host
$db_user
$db_pass
$db_name
They are populated from an include (x.php) in the beginning of the php
section. It is getting past the connect statement, but it is not
selecting
the proper database, and gives a:
Error in query: No Database Selected
in the error trap below (die). Any ideas what is wrong? Am I missing
some
syntax, or what?
Thanks.
Patrick
##
function authenticate($user, $pass)
{
// check login and password
// connect and execute query
$connection = mysql_connect($db_host, $db_user, $db_pass) or die (Unable
to connect!);
$query = SELECT id from users WHERE username = '$user' AND password =
PASSWORD('$pass');
mysql_select_db($db_name);
//mysql_select_db(devweb); --what it should be, from file
$result = mysql_query($query, $connection) or die (Error in query: .
mysql_error());
// if row exists - user/pass combination is correct
if (mysql_num_rows($result) == 1)
{
return 1;
}
// user/pass combination is wrong
else
{
return 0;
}
}
_
Get your FREE download of MSN Explorer at
http://explorer.msn.com/intl.asp.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Mysql Connection
Hey Uma call to undefined function, well thats exactly what it means (it doesnt like the function specified eg mysql_connect)this means that your php installation does not have support for mysql. You can check this with the following ?php phpinfo(); ? run this via a browser and check the config of php... it should say --with-mysql heres an examle of the config section it gives Configure Command './configure' 'i386-redhat-linux' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--prefix=/usr' '--with-config-file-path=/etc' '--disable-debug' '--enable-pic' '--disable-rpath' '--enable-inline-optimization' '--with-apxs=/usr/sbin/apxs' '--with-bz2' '--with-curl' '--with-db3' '--with-dom' '--with-exec-dir=/usr/bin' '--with-gd' '--with-gdbm' '--with-gettext' '--with-jpeg-dir=/usr' '--with-mm' '--with-openssl' '--with-png' '--with-regex=system' '--with-ttf' '--with-zlib' '--with-layout=GNU' '--enable-debugger' '--enable-ftp' '--enable-magic-quotes' '--enable-safe-mode' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-track-vars' '--enable-yp' '--enable-wddx' '--with-mysql' '--without-unixODBC' '--without-oracle' '--without-oci8' '--with-pspell' '--with-xml' You will need to recompile php to use mysql Hope this answers your question, and once recompiled your mysql_connect() function should work like a charm... C-Ya Chris -Original Message- From: Uma Shankari T. [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 29, 2002 8:33 AM To: [EMAIL PROTECTED] Subject: [PHP] Mysql Connection Hello, I have installed php3 in my system.I want to connect with mysql.I have given this code $link=mysql_connect(localhost,username,password) or die(could not connect); but it is giving Fatal error: Call to undefined function: mysql_connect() Why it is showing like. Mysql is also running Any one came to know this tell me as soon as possible Regards, Uma -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Mysql Connection
On Tuesday 29 January 2002 15:29, Uma Shankari T. wrote: Hello, How do i check php support mysql.. If any one came to know this tell me... You have already been told how to. See the posting by Chris in response to your posting about the same question just a little while ago. -- Jason Wong - Gremlins Associates - www.gremlins.com.hk /* Hard reality has a way of cramping your style. -- Daniel Dennett */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] MySQL connection
If I use extention .inc for including my connection- variables file then browser attempts to download this file which is not better then first. I searched the net on this topic and found a LOT of information about this problem and the best that I found is here I just want you to be aware of this problem It's common knowledge that you should NOT put your database user+PW into your HTML root. Using .inc means Apache (or whatever kind of server you're using) isn't going to parse the file through php. This has been discussed on this and other php related lists.. just have a look in the archive and you'll see.. Don't want to sound nasty harsh or whatever you want to call it but I think most tutorials will say something about it. I would suggest you read those before you send messages to this or any other list.. The archive is a great resource too. Remember.. you're most certainly not the first person who uses PHP to connect to MySQL.. most if not all issues you think you have found has been seen by others. Searching the archive and reading tutorials will keep you from burning bandwith and space for a non-issue. Have fun. Bye, B. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] MySQL connection
I have tested again what I said yesterday and found that if I have
problems in PHP support in Apache then all my information
(username and password) are seing simly on the screen, so it's not
about dead SQL server but PHP.
However, I went through all docs that I have on this topic and found
that the only solution of this is to put included connect.php/inc
outside of htdocs directory and configure your php.ini such a way
that one outsider directory would be accepted and only by php call.
Hope I didn't mess up this time so you are able to understand what
I mean... =))
Thank you for the help anyway, just be aware of this PHP prob
when you pick up provider.
Youri
On 8 Aug 2001, at 19:33, Attila Strauss wrote:
hi,
there are 2 ways.
1. you hardcore the user/password in the php.ini file.
2. u do a simply error checking like :
?php
$connect = mysql_connect($host, $user, $pass);
if(!$connect)
{
print connection failed;
}
?
of course you could also do like kindaheader(Location: http://host;); instead
of print connection failed.
i hope i could help you.
best regards
attila strauss
Hey Jouri,
I don't agree with this one. I tested it out on my
localhost and got the two error messages I told you I
was going to get:
Warning: Unknown MySQL Server Host...
Warning: MySQL Connection Failed...
No usernames/passwords. I have to say however that I
always include my connect.php file. Maybe that's a
secure way to connect without anyone seeing your
password in case of sqlserver problems.
Greetz,
Bjorn Van Simaeys
www.bvsenterprises.com
--- BRACK [EMAIL PROTECTED] wrote:
If you have Apache and MySQL servers make this
experiment -
start Apache but forget to start SQL and go to
your site
http://localhost/... you will see yourself all the
information on the
screen.
Youri
On 7 Aug 2001, at 12:53, Ryan Christensen wrote:
I'm curious as to how the hacker would see all
this information (the
username.. password, etc..) just by going to a
site where the SQL backend
was down?
Ryan
-Original Message-
From: BRACK [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 07, 2001 12:36 PM
To: [EMAIL PROTECTED]
Subject: [PHP] MySQL connection
I just wanned to bring the issue of security of
MySQL connection:
Let us imagine that SQL server was down for some
hours (of
course without us knowing it) and at the same
hours our SQL site
was visited by some kind of hacker, he can s
ee
on his screen all
our SQL connection info like username,
password, and database
name. You may hide this information in different
file than the file
that your users open then the hacker will see
something like
include(connect.inc); or
require(connect.inc); (of course IF
server is down). So you may only imagine the
consequences of
this visit of the hacker. What can we do to
protect our sensitive
information if SQL server is down?
Youri
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
To contact the list administrators, e-mail:
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
To contact the list administrators, e-mail:
[EMAIL PROTECTED]
__
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] MySQL connection
Hi All,
Also a good advice is to restrict the access to the files where you
include your login/pass. Give permissions to only the PHP user, I mean
the user that runs the php process (in unix/linux make a ps axu and look
at the user column). Then change the file permissions to just that user
(unix chown and chmod, more info 'man chmod' and 'man chown'). If you
are using W9x/ME you're out of luck.
Hope this helps.
Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)
BRACK wrote:
I have tested again what I said yesterday and found that if I have
problems in PHP support in Apache then all my information
(username and password) are seing simly on the screen, so it's not
about dead SQL server but PHP.
However, I went through all docs that I have on this topic and found
that the only solution of this is to put included connect.php/inc
outside of htdocs directory and configure your php.ini such a way
that one outsider directory would be accepted and only by php call.
Hope I didn't mess up this time so you are able to understand what
I mean... =))
Thank you for the help anyway, just be aware of this PHP prob
when you pick up provider.
Youri
On 8 Aug 2001, at 19:33, Attila Strauss wrote:
hi,
there are 2 ways.
1. you hardcore the user/password in the php.ini file.
2. u do a simply error checking like :
?php
$connect = mysql_connect($host, $user, $pass);
if(!$connect)
{
print connection failed;
}
?
of course you could also do like kindaheader(Location: http://host;);
instead of print connection failed.
i hope i could help you.
best regards
attila strauss
Hey Jouri,
I don't agree with this one. I tested it out on my
localhost and got the two error messages I told you I
was going to get:
Warning: Unknown MySQL Server Host...
Warning: MySQL Connection Failed...
No usernames/passwords. I have to say however that I
always include my connect.php file. Maybe that's a
secure way to connect without anyone seeing your
password in case of sqlserver problems.
Greetz,
Bjorn Van Simaeys
www.bvsenterprises.com
--- BRACK [EMAIL PROTECTED] wrote:
If you have Apache and MySQL servers make this
experiment -
start Apache but forget to start SQL and go to
your site
http://localhost/... you will see yourself all the
information on the
screen.
Youri
On 7 Aug 2001, at 12:53, Ryan Christensen wrote:
I'm curious as to how the hacker would see all
this information (the
username.. password, etc..) just by going to a
site where the SQL backend
was down?
Ryan
-Original Message-
From: BRACK [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 07, 2001 12:36 PM
To: [EMAIL PROTECTED]
Subject: [PHP] MySQL connection
I just wanned to bring the issue of security of
MySQL connection:
Let us imagine that SQL server was down for some
hours (of
course without us knowing it) and at the same
hours our SQL site
was visited by some kind of hacker, he can s
ee
on his screen all
our SQL connection info like username,
password, and database
name. You may hide this information in different
file than the file
that your users open then the hacker will see
something like
include(connect.inc); or
require(connect.inc); (of course IF
server is down). So you may only imagine the
consequences of
this visit of the hacker. What can we do to
protect our sensitive
information if SQL server is down?
Youri
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
To contact the list administrators, e-mail:
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
To contact the list administrators, e-mail:
[EMAIL PROTECTED]
__
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands,
RE: [PHP] MySQL connection
How exactly is the username/password from the mysql_connect() call shown
to the browser?
I normally just get a PHP error when the db connection can't be made.
No code is shown, just a line number. If, in your case, PHP dumps the
source code to the browser window when the db connection won't work,
then something has to be wrong. :)
--Matt
-Original Message-
From: BRACK [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 09, 2001 5:57 AM
To: Attila Strauss
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] MySQL connection
I have tested again what I said yesterday and found that if I have
problems in PHP support in Apache then all my information
(username and password) are seing simly on the screen, so it's not
about dead SQL server but PHP.
However, I went through all docs that I have on this topic and found
that the only solution of this is to put included connect.php/inc
outside of htdocs directory and configure your php.ini such a way
that one outsider directory would be accepted and only by php call.
Hope I didn't mess up this time so you are able to understand what
I mean... =))
Thank you for the help anyway, just be aware of this PHP prob
when you pick up provider.
Youri
On 8 Aug 2001, at 19:33, Attila Strauss wrote:
hi,
there are 2 ways.
1. you hardcore the user/password in the php.ini file.
2. u do a simply error checking like :
?php
$connect = mysql_connect($host, $user, $pass);
if(!$connect)
{
print connection failed;
}
?
of course you could also do like kindaheader(Location:
http://host;); instead of print connection failed.
i hope i could help you.
best regards
attila strauss
Hey Jouri,
I don't agree with this one. I tested it out on my localhost and got
the two error messages I told you I was going to get:
Warning: Unknown MySQL Server Host...
Warning: MySQL Connection Failed...
No usernames/passwords. I have to say however that I
always include my connect.php file. Maybe that's a
secure way to connect without anyone seeing your
password in case of sqlserver problems.
Greetz,
Bjorn Van Simaeys
www.bvsenterprises.com
--- BRACK [EMAIL PROTECTED] wrote:
If you have Apache and MySQL servers make this
experiment -
start Apache but forget to start SQL and go to
your site
http://localhost/... you will see yourself all the
information on the
screen.
Youri
On 7 Aug 2001, at 12:53, Ryan Christensen wrote:
I'm curious as to how the hacker would see all
this information (the
username.. password, etc..) just by going to a
site where the SQL backend
was down?
Ryan
-Original Message-
From: BRACK [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 07, 2001 12:36 PM
To: [EMAIL PROTECTED]
Subject: [PHP] MySQL connection
I just wanned to bring the issue of security of
MySQL connection:
Let us imagine that SQL server was down for some
hours (of
course without us knowing it) and at the same
hours our SQL site
was visited by some kind of hacker, he can s
ee
on his screen all
our SQL connection info like username,
password, and database
name. You may hide this information in different
file than the file
that your users open then the hacker will see
something like
include(connect.inc); or
require(connect.inc); (of course IF
server is down). So you may only imagine the
consequences of
this visit of the hacker. What can we do to
protect our sensitive
information if SQL server is down?
Youri
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
To contact the list administrators, e-mail:
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
To contact the list administrators, e-mail:
[EMAIL PROTECTED]
__
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo!
Messenger http://phonecard.yahoo.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED] To
contact the list administrators, e-mail:
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED] To
contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] MySQL connection
Hey Youri,
Could you let us know what file extension you use for
you php files? And give us the exact code/error
message you get on screen. Of course you can hide your
username/pass with x.
Thanks
Bjorn Van Simaeys
www.bvsenterprises.com
--- Matthew Loff [EMAIL PROTECTED] wrote:
How exactly is the username/password from the
mysql_connect() call shown
to the browser?
I normally just get a PHP error when the db
connection can't be made.
No code is shown, just a line number. If, in your
case, PHP dumps the
source code to the browser window when the db
connection won't work,
then something has to be wrong. :)
--Matt
-Original Message-
From: BRACK [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 09, 2001 5:57 AM
To: Attila Strauss
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] MySQL connection
I have tested again what I said yesterday and found
that if I have
problems in PHP support in Apache then all my
information
(username and password) are seing simly on the
screen, so it's not
about dead SQL server but PHP.
However, I went through all docs that I have on this
topic and found
that the only solution of this is to put included
connect.php/inc
outside of htdocs directory and configure your
php.ini such a way
that one outsider directory would be accepted and
only by php call.
Hope I didn't mess up this time so you are able to
understand what
I mean... =))
Thank you for the help anyway, just be aware of
this PHP prob
when you pick up provider.
Youri
On 8 Aug 2001, at 19:33, Attila Strauss wrote:
hi,
there are 2 ways.
1. you hardcore the user/password in the php.ini
file.
2. u do a simply error checking like :
?php
$connect = mysql_connect($host, $user, $pass);
if(!$connect)
{
print connection failed;
}
?
of course you could also do like kinda
header(Location:
http://host;); instead of print connection
failed.
i hope i could help you.
best regards
attila strauss
Hey Jouri,
I don't agree with this one. I tested it out on
my localhost and got
the two error messages I told you I was going to
get:
Warning: Unknown MySQL Server Host...
Warning: MySQL Connection Failed...
No usernames/passwords. I have to say however
that I
always include my connect.php file. Maybe that's
a
secure way to connect without anyone seeing your
password in case of sqlserver problems.
Greetz,
Bjorn Van Simaeys
www.bvsenterprises.com
--- BRACK [EMAIL PROTECTED] wrote:
If you have Apache and MySQL servers make this
experiment -
start Apache but forget to start SQL and go
to
your site
http://localhost/... you will see yourself all
the
information on the
screen.
Youri
On 7 Aug 2001, at 12:53, Ryan Christensen
wrote:
I'm curious as to how the hacker would see
all
this information (the
username.. password, etc..) just by going to
a
site where the SQL backend
was down?
Ryan
-Original Message-
From: BRACK [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 07, 2001 12:36 PM
To: [EMAIL PROTECTED]
Subject: [PHP] MySQL connection
I just wanned to bring the issue of
security of
MySQL connection:
Let us imagine that SQL server was down
for some
hours (of
course without us knowing it) and at the
same
hours our SQL site
was visited by some kind of hacker, he can
s
ee
on his screen all
our SQL connection info like username,
password, and database
name. You may hide this information in
different
file than the file
that your users open then the hacker will
see
something like
include(connect.inc); or
require(connect.inc); (of course IF
server is down). So you may only imagine
the
consequences of
this visit of the hacker. What can we do
to
protect our sensitive
information if SQL server is down?
Youri
--
PHP General Mailing List
(http://www.php.net/)
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
To contact the list administrators,
e-mail:
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
To contact the list administrators, e-mail:
[EMAIL PROTECTED]
=== message truncated ===
__
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL
RE: [PHP] MySQL connection
Ohh, I don't get any error messages, BUT if I have my php
functions not working properly I can see the sourse of php code on
my browser. If I use extention .inc for including my connection-
variables file then browser attempts to download this file which is
not better then first. I searched the net on this topic and found a
LOT of information about this problem and the best that I found is
here I just want you to be aware of this problem, play with your
server to understand my worry:
FROM: Johnny Withers
DATE: 04/30/2001 08:21:46
SUBJECT: RE: Password security Put it in an include file, like..
dbconnect.inc
Then add this to your httpd.conf file:
Files ~ \.inc$
Order allow,deny
Deny from all
/Files
keeps people from downloading your .inc files.
And also, make the .inc file readable only by the web server
and no one else.
Cheers.
-
Johnny Withers
EMAIL: PROTECTED
p. 601.853.0211
c. 601.209.4985
-Original Message-
From: oltra jean-michel [mailto:EMAIL: PROTECTED]
Sent: Monday, April 30, 2001 10:03 AM
To: Philippe Louis Houze
Cc: EMAIL: PROTECTED
Subject: Re: Password security
On Sun, 29 Apr 2001, Philippe Louis Houze wrote:
Date: Sun, 29 Apr 2001 10:56:52 -0400
From: Philippe Louis Houze EMAIL: PROTECTED
To: EMAIL: PROTECTED
Subject: Re: Password security
Hi,
How do you keep MySQL password out of view of visitors when
needed
in PHP to access the db. The password is in plain english in
all the php files, and can be easily downloaded by anyone.
Philippe
ex:
? mysql_connect(host, user, password);
mysql_select_db(database);
?
?
include(variables.php3);
$link = mysql_connect($db_server,$db_login,$db_password);
mysql_select_db($db,$link);
?
and in variables.php3 file
?
$db_server = host;
$db_login = user;
$db_password = mypassword;
$db = database;
?
and protect include-directory with .htaccess
--
jean-michel
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail EMAIL: PROTECTED
To unsubscribe, e-mail mysql-unsubscribe-johnny=EMAIL:
PROTECTED
Trouble unsubscribing? Try:
http://lists.mysql.com/php/unsubscribe.php
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail EMAIL: PROTECTED
To unsubscribe, e-mail mysql-unsubscribe-archiver=EMAIL:
PROTECTED
Trouble unsubscribing? Try:
http://lists.mysql.com/php/unsubscribe.php
On 9 Aug 2001, at 13:04, Bjorn Van Simaeys wrote:
Hey Youri,
Could you let us know what file extension you use for
you php files? And give us the exact code/error
message you get on screen. Of course you can hide your
username/pass with x.
Thanks
Bjorn Van Simaeys
www.bvsenterprises.com
--- Matthew Loff [EMAIL PROTECTED] wrote:
How exactly is the username/password from the
mysql_connect() call shown
to the browser?
I normally just get a PHP error when the db
connection can't be made.
No code is shown, just a line number. If, in your
case, PHP dumps the
source code to the browser window when the db
connection won't work,
then something has to be wrong. :)
--Matt
-Original Message-
From: BRACK [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 09, 2001 5:57 AM
To: Attila Strauss
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] MySQL connection
I have tested again what I said yesterday and found
that if I have
problems in PHP support in Apache then all my
information
(username and password) are seing simly on the
screen, so it's not
about dead SQL server but PHP.
However, I went through all docs that I have on this
topic and found
that the only solution of this is to put included
connect.php/inc
outside of htdocs directory and configure your
php.ini such a way
that one outsider directory would be accepted and
only by php call.
Hope I didn't mess up this time so you are able to
understand what
I mean... =))
Thank you for the help anyway, just be aware of
this PHP prob
when you pick up provider.
Youri
On 8 Aug 2001, at 19:33, Attila Strauss wrote:
hi,
there are 2 ways.
1. you hardcore the user/password in the php.ini
file.
2. u do a simply error checking like :
?php
$connect = mysql_connect($host, $user, $pass);
if(!$connect)
{
print connection failed;
}
?
of course you could also do like kinda
header(Location:
http://host;); instead of print connection
failed.
i hope i could help you.
best regards
attila strauss
Hey Jouri,
I don't agree with this one. I tested it out on
my localhost and got
the two error messages I told you I was going to
get
Re: [PHP] MySQL connection
Yes that is what I mean, but also When I played with my Apache I saw ALL my information on the screen without any error message. Actually it maybe that my PHP server was down at that moment as well, well, I must check it up Youri On 7 Aug 2001, at 13:00, Bjorn Van Simaeys wrote: Hi, I think BRACK a.k.a. Jouri means that the connection string (from the PHP pages) would be visible in the client's browser once the SQL server stops running. However, I am not so sure about this as all commands are processed on the server - it will, however display an error message that the SQL server is inaccessible. Greetz, Bjorn Van Simaeys www.bvsenterprises.com --- Tyler Longren [EMAIL PROTECTED] wrote: If the SQL server is down how will he hack it? That's like hacking a webserver that doesn't exist. Tyler Longren Captain Jack Communications [EMAIL PROTECTED] www.captainjack.com On Tue, 7 Aug 2001 21:35:58 +0200 BRACK [EMAIL PROTECTED] wrote: I just wanned to bring the issue of security of MySQL connection: Let us imagine that SQL server was down for some hours (of course without us knowing it) and at the same hours our SQL site was visited by some kind of hacker, he can see on his screen all our SQL connection info like username, password, and database name. You may hide this information in different file than the file that your users open then the hacker will see something like include(connect.inc); or require(connect.inc); (of course IF server is down). So you may only imagine the consequences of this visit of the hacker. What can we do to protect our sensitive information if SQL server is down? Youri -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ God is our provider http://www.body-builders.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] MySQL connection
I mean he will know all your sensitive information to enter your SQL server in couple of hours when server will be up again. Youri On 7 Aug 2001, at 14:40, Tyler Longren wrote: If the SQL server is down how will he hack it? That's like hacking a webserver that doesn't exist. Tyler Longren Captain Jack Communications [EMAIL PROTECTED] www.captainjack.com On Tue, 7 Aug 2001 21:35:58 +0200 BRACK [EMAIL PROTECTED] wrote: I just wanned to bring the issue of security of MySQL connection: Let us imagine that SQL server was down for some hours (of course without us knowing it) and at the same hours our SQL site was visited by some kind of hacker, he can see on his screen all our SQL connection info like username, password, and database name. You may hide this information in different file than the file that your users open then the hacker will see something like include(connect.inc); or require(connect.inc); (of course IF server is down). So you may only imagine the consequences of this visit of the hacker. What can we do to protect our sensitive information if SQL server is down? Youri -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] MySQL connection
If you have Apache and MySQL servers make this experiment - start Apache but forget to start SQL and go to your site http://localhost/... you will see yourself all the information on the screen. Youri On 7 Aug 2001, at 12:53, Ryan Christensen wrote: I'm curious as to how the hacker would see all this information (the username.. password, etc..) just by going to a site where the SQL backend was down? Ryan -Original Message- From: BRACK [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 07, 2001 12:36 PM To: [EMAIL PROTECTED] Subject: [PHP] MySQL connection I just wanned to bring the issue of security of MySQL connection: Let us imagine that SQL server was down for some hours (of course without us knowing it) and at the same hours our SQL site was visited by some kind of hacker, he can see on his screen all our SQL connection info like username, password, and database name. You may hide this information in different file than the file that your users open then the hacker will see something like include(connect.inc); or require(connect.inc); (of course IF server is down). So you may only imagine the consequences of this visit of the hacker. What can we do to protect our sensitive information if SQL server is down? Youri -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] MySQL connection
Hey Jouri, I don't agree with this one. I tested it out on my localhost and got the two error messages I told you I was going to get: Warning: Unknown MySQL Server Host... Warning: MySQL Connection Failed... No usernames/passwords. I have to say however that I always include my connect.php file. Maybe that's a secure way to connect without anyone seeing your password in case of sqlserver problems. Greetz, Bjorn Van Simaeys www.bvsenterprises.com --- BRACK [EMAIL PROTECTED] wrote: If you have Apache and MySQL servers make this experiment - start Apache but forget to start SQL and go to your site http://localhost/... you will see yourself all the information on the screen. Youri On 7 Aug 2001, at 12:53, Ryan Christensen wrote: I'm curious as to how the hacker would see all this information (the username.. password, etc..) just by going to a site where the SQL backend was down? Ryan -Original Message- From: BRACK [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 07, 2001 12:36 PM To: [EMAIL PROTECTED] Subject: [PHP] MySQL connection I just wanned to bring the issue of security of MySQL connection: Let us imagine that SQL server was down for some hours (of course without us knowing it) and at the same hours our SQL site was visited by some kind of hacker, he can see on his screen all our SQL connection info like username, password, and database name. You may hide this information in different file than the file that your users open then the hacker will see something like include(connect.inc); or require(connect.inc); (of course IF server is down). So you may only imagine the consequences of this visit of the hacker. What can we do to protect our sensitive information if SQL server is down? Youri -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] MySQL connection
hi,
there are 2 ways.
1. you hardcore the user/password in the php.ini file.
2. u do a simply error checking like :
?php
$connect = mysql_connect($host, $user, $pass);
if(!$connect)
{
print connection failed;
}
?
of course you could also do like kindaheader(Location: http://host;); instead of
print connection failed.
i hope i could help you.
best regards
attila strauss
Hey Jouri,
I don't agree with this one. I tested it out on my
localhost and got the two error messages I told you I
was going to get:
Warning: Unknown MySQL Server Host...
Warning: MySQL Connection Failed...
No usernames/passwords. I have to say however that I
always include my connect.php file. Maybe that's a
secure way to connect without anyone seeing your
password in case of sqlserver problems.
Greetz,
Bjorn Van Simaeys
www.bvsenterprises.com
--- BRACK [EMAIL PROTECTED] wrote:
If you have Apache and MySQL servers make this
experiment -
start Apache but forget to start SQL and go to
your site
http://localhost/... you will see yourself all the
information on the
screen.
Youri
On 7 Aug 2001, at 12:53, Ryan Christensen wrote:
I'm curious as to how the hacker would see all
this information (the
username.. password, etc..) just by going to a
site where the SQL backend
was down?
Ryan
-Original Message-
From: BRACK [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 07, 2001 12:36 PM
To: [EMAIL PROTECTED]
Subject: [PHP] MySQL connection
I just wanned to bring the issue of security of
MySQL connection:
Let us imagine that SQL server was down for some
hours (of
course without us knowing it) and at the same
hours our SQL site
was visited by some kind of hacker, he can s
ee
on his screen all
our SQL connection info like username,
password, and database
name. You may hide this information in different
file than the file
that your users open then the hacker will see
something like
include(connect.inc); or
require(connect.inc); (of course IF
server is down). So you may only imagine the
consequences of
this visit of the hacker. What can we do to
protect our sensitive
information if SQL server is down?
Youri
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
To contact the list administrators, e-mail:
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
To contact the list administrators, e-mail:
[EMAIL PROTECTED]
__
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] MySQL connection
Ha ha... hardcore the user/password
Sorry... I realize you gave a good answer, just had to laugh. :)
-Original Message-
From: Attila Strauss [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 08, 2001 1:33 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] MySQL connection
hi,
there are 2 ways.
1. you hardcore the user/password in the php.ini file.
2. u do a simply error checking like :
?php
$connect = mysql_connect($host, $user, $pass);
if(!$connect)
{
print connection failed;
}
?
of course you could also do like kindaheader(Location:
http://host;); instead of print connection failed.
i hope i could help you.
best regards
attila strauss
Hey Jouri,
I don't agree with this one. I tested it out on my
localhost and got the two error messages I told you I
was going to get:
Warning: Unknown MySQL Server Host...
Warning: MySQL Connection Failed...
No usernames/passwords. I have to say however that I
always include my connect.php file. Maybe that's a
secure way to connect without anyone seeing your
password in case of sqlserver problems.
Greetz,
Bjorn Van Simaeys
www.bvsenterprises.com
--- BRACK [EMAIL PROTECTED] wrote:
If you have Apache and MySQL servers make this
experiment -
start Apache but forget to start SQL and go to
your site
http://localhost/... you will see yourself all the
information on the
screen.
Youri
On 7 Aug 2001, at 12:53, Ryan Christensen wrote:
I'm curious as to how the hacker would see all
this information (the
username.. password, etc..) just by going to a
site where the SQL backend
was down?
Ryan
-Original Message-
From: BRACK [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 07, 2001 12:36 PM
To: [EMAIL PROTECTED]
Subject: [PHP] MySQL connection
I just wanned to bring the issue of security of
MySQL connection:
Let us imagine that SQL server was down for some
hours (of
course without us knowing it) and at the same
hours our SQL site
was visited by some kind of hacker, he can s
ee
on his screen all
our SQL connection info like username,
password, and database
name. You may hide this information in different
file than the file
that your users open then the hacker will see
something like
include(connect.inc); or
require(connect.inc); (of course IF
server is down). So you may only imagine the
consequences of
this visit of the hacker. What can we do to
protect our sensitive
information if SQL server is down?
Youri
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
To contact the list administrators, e-mail:
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
To contact the list administrators, e-mail:
[EMAIL PROTECTED]
__
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo!
Messenger http://phonecard.yahoo.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED] To
contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED] To
contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] MySQL connection
If the SQL server is down how will he hack it? That's like hacking a webserver that doesn't exist. Tyler Longren Captain Jack Communications [EMAIL PROTECTED] www.captainjack.com On Tue, 7 Aug 2001 21:35:58 +0200 BRACK [EMAIL PROTECTED] wrote: I just wanned to bring the issue of security of MySQL connection: Let us imagine that SQL server was down for some hours (of course without us knowing it) and at the same hours our SQL site was visited by some kind of hacker, he can see on his screen all our SQL connection info like username, password, and database name. You may hide this information in different file than the file that your users open then the hacker will see something like include(connect.inc); or require(connect.inc); (of course IF server is down). So you may only imagine the consequences of this visit of the hacker. What can we do to protect our sensitive information if SQL server is down? Youri -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] MySQL connection
I'm curious as to how the hacker would see all this information (the username.. password, etc..) just by going to a site where the SQL backend was down? Ryan -Original Message- From: BRACK [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 07, 2001 12:36 PM To: [EMAIL PROTECTED] Subject: [PHP] MySQL connection I just wanned to bring the issue of security of MySQL connection: Let us imagine that SQL server was down for some hours (of course without us knowing it) and at the same hours our SQL site was visited by some kind of hacker, he can see on his screen all our SQL connection info like username, password, and database name. You may hide this information in different file than the file that your users open then the hacker will see something like include(connect.inc); or require(connect.inc); (of course IF server is down). So you may only imagine the consequences of this visit of the hacker. What can we do to protect our sensitive information if SQL server is down? Youri -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Mysql connection problems
Warning: MySQL Connection Failed: Can't connect to MySQL server on 'localhost' (10061) in c:\arquivos de programas\apache group\apache\htdocs\db_connect.php on line 3 Couldn't connect. Is the MySQL deamon running? IE, is there a black MS-DOS window (maybe minimized) that has something not unlike this: C:\mysql\bin\mysqld.exe: ready for connections in it? If not, you need to open an MS-DOS window and cd to where-ever you installed MySQL and do "mysqld" and just let it sit there. It's not "hung", it's just waiting for you to do some MySQL stuff. Can you connect to the MySQL deamon using mysql monitor? IE, open an MS-DOS window and cd to where-ever you installed MySQL and do "mysql mysql" Then use \q to quit. Get MySQL up-and-running without trying to get PHP to talk to it first. -- Visit the Zend Store at http://www.zend.com/store/ Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
