I'm trying to build a blog website.
It is deployed on Heroku and it is supposed to connect to a MySQL database. The info required to login to my database is stored in an environment variable on Heroku, and looks like this (These are fake credentials of course):
mysql://g46w916ds134b8:639f463e#us-cdbr-east-03.cleardb.net/heroku_45fab1d19h35yetf?reconnect=true
It contains the DB name, the user, the password and the host.
Is there a way to use this one string directly in my PHP code to connect to the database? I checked MySQLi and PDO documentation, and it seems like they only accept DSN/user/password or Host/user/password/DBname format.
This is a url after all, so you can use parse_url function to extract data.
// Connection string from environmental variable in heroku
$connectionStringHerokuEnv = 'mysql://g46w916ds134b8:639f463e#us-cdbr-east-03.cleardb.net/heroku_45fab1d19h35yetf?reconnect=true';
$parsed = parse_url($connectionStringHerokuEnv);
$dbname = ltrim($parsed['path']. '/'); // PATH has prepended / at the beginning, it needs to be removed
// Connecting to the database
$conn = new PDO("{$parsed['scheme']}:host={$parsed};$dbname={$dbname};charset=utf8mb4", $parsed['user'], $parsed['pass'], [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
For database connection you should always use PDO and not mysqli driver. PDO allows you to connect to almost any database, without rewriting code in 85% of cases.
dont forget options [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION], this will allow you to catch any errors and handle them accordingly to application needs.
PDO accept this connection string driver: host=DATABASE_HOST;dbname=DATABASE_NAME; charset=DEFAULT_CHARSET(use utf8 whenever you can)
Learn more on parse_url: https://www.php.net/manual/en/function.parse-url
Learn more on PDO:
https://www.php.net/manual/en/class.pdo.php
<?php
$str = "mysql://g46w916ds134b8:639f463e#us-cdbr-east-03.cleardb.net/heroku_45fab1d19h35yetf?reconnect=true";
// If I correctly understanded 'mysql://login:passwd#host/dbname?some_params'
// data parsing from input string
$sp = explode('/', $str);
$sp1 = explode('#', $sp[2]);
$first_part_sp = explode(':', $sp1[0]);
$login = $first_part_sp[0];
$passwd = $first_part_sp[1];
$host = $sp1[1];
$dbname = explode('?', $sp[3])[0];
$connect_str = "mysql:host=$host;dbname=$dbname";
echo $connect_str." ".$login." ".$passwd;
// database access
$pdo = new PDO($connect_str, $user, $passwd);
?>
I use Xampp as server. I have mysql table that i visualize with bootstrap grid. As the table have more than 1000 rows, the visualization with bootstrap is slow. I'm trying to work server side but have a problem connecting to the data base with this code
$dbDetails = array(
'host' => 'localhost',
'user' => 'root',
'pass' => '',
'db' => 'company');
It can't contact the server or connect to the database, while with this is possible. I receive the following errors: DataTables warning: table id=memListTable - Invalid JSON response AND {"error":"An error occurred while connecting to the database. The error reported by the server was: SQLSTATE[HY000] [1045] Access denied for user 'root'#'localhost' (using password: NO)"}
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "company";
I use MySQL 5.7.17 on AWS RDS.
I encountered a strange behavior and I am looking for an explanation.
In short: I try to connect over SSL, with settings that I think should cause the connection to FAIL, but it succeeds!
The following PHP code succeeds to connect to the RDS instance over SSL:
<?
$HOST = "something.amazonaws.com";
$USER = "myuser";
$PASS = "mypass";
$connectionString = "mysql:host={$HOST};charset=utf8";
$options = [ ];
$options[PDO::MYSQL_ATTR_SSL_CA] = "LITERALLY THIS TEXT. DEFINITELY NOT A CERTIFICATE!";
$options[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = false;
$conn = new \PDO($connectionString, $USER, $PASS, $options);
$sql = "SHOW STATUS LIKE 'Ssl_cipher'";
$stmt = $conn->prepare($sql);
$stmt->execute([ ]);
$stmt->setFetchMode(\PDO::FETCH_ASSOC);
$rows = $stmt->fetchAll();
print_r($rows);
The result I get:
Array
(
[0] => Array
(
[Variable_name] => Ssl_cipher
[Value] => AES256-SHA
)
)
Also, I found three pem files in /etc/ca-certificates/rds-mysql. I thought that PHP might be going there for some reason, so I deleted them, but the SSL connection still succeeds.
Note: if I delete the line that says $options[PDO::MYSQL_ATTR_SSL_CA] = "LITERALLY THIS TEXT. DEFINITELY NOT A CERTIFICATE!"; - it does NOT connect over SSL. So it appears that this option does have some impact.
My question is: how come it succeeds?
I'm trying to use Google Cloud SQL over SSL from GCE(Google Compute Engine) instance. My problem is that I cannot connect to Cloud SQL instance over SSL.
mysql command works normally. I can connect to Cloud SQL instance with certification files.
mysql -uroot -p -h [IP Address] --ssl-ca=/home/user/.cert/server-ca.pem --ssl-cert=/home/user/.cert/client-cert.pem --ssl-key=/home/user/.cert/client-key.pem
However, I got warning and fatal error as followings when I access from PHP program.
<?php
$pdo = new PDO('mysql:host=[IP Address];dbname=testdb', 'root', 'test', array(
PDO::MYSQL_ATTR_SSL_KEY =>'/home/user/.cert/client-key.pem',
PDO::MYSQL_ATTR_SSL_CERT=>'/home/user/.cert/client-cert.pem',
PDO::MYSQL_ATTR_SSL_CA =>'/home/user/.cert/server-ca.pem'
)
);
$stmt = $pdo->query("SHOW TABLES;");
$row = $stmt->fetch(PDO::FETCH_ASSOC);
print_r($row);
?>
PHP Warning: PDO::__construct(): Peer certificate CN=`[GCP project name]:[Cloud SQL instance name]' did not match expected CN=`[IP Address]' in /tmp/mysql.php on line 7
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY000] [2002] ' in /tmp/mysql.php on line 7
I got same error when I used mysqli.
$mysqli = mysqli_init();
mysqli_options($mysqli, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);
$mysqli->ssl_set('/home/user/.cert/client-key.pem',
'/home/user/.cert/client-cert.pem',
'/home/user/.cert/server-ca.pem',
NULL,NULL);
$mysqli->real_connect('[IP Address]', 'root', 'test', 'testdb', 3306, NULL, MYSQLI_CLIENT_SSL);
PHP Warning: mysqli::real_connect(): Peer certificate CN=`[GCP project name]:[Cloud SQL instance name]' did not match expected CN=`[IP Address]' in /tmp/mysql3.php on line 30
Warning: mysqli::real_connect(): (HY000/2002): in /tmp/mysql3.php on line 30
This question looks be relevant to my case but there is no answer yet. SSL self-signed certifications to connect with Mysql with PHP
Does anyone know about solutions?
Update 1
The bug is reported. https://bugs.php.net/bug.php?id=71003
Very similar question here. Google Cloud SQL SSL fails peer certificate validation
My PHP version is 5.6.14. I will update to 5.6.16 to use MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT.
Update 2
Fixed it when I use mysqli
What I did are as followings:
1 I updated my PHP to 5.6.20
sudo apt-get install php5
2 I put the MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT option like this.
$mysqli->real_connect('[IP Address]', 'root', 'test', 'testdb', 3306, NULL, MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT);
My application uses both mysqli and PDO for some reasons. I'm now looking for PDO's solution.
Update 3
This bug report shows about PDO's case. Sounds not fixed yet.
https://bugs.php.net/bug.php?id=71845
This is also related. https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/google-cloud-sql-discuss/4HNvmq7MpU4/kuSjhkS2AwAJ
As far as I understand, there is no way to resolve for PDO.
Update 4
Some people blame google's design of CN names (I agree with them actually..)
What's worst is you guys use impossible CN names (:) . If the CN was without colon maybe I can map the ip and the CN in my hosts file so that when peer validation is done it can pass. With the colon, php thinks is host and is port
and Google's staff? understand the problem.
I understand the current situation when connecting by IP is not ideal.
But it seems they provide a solution called 'proxy'.
https://groups.google.com/forum/#!topic/google-cloud-sql-discuss/gAzsuCzPlaU
I'm using Cloud SQL second generation and my applications are hosted GCE. So I think I can use the proxy way. I will try it now.
Update 5
Setup the proxy access. Solved both PDO and mysqli access.
Install the proxy on Ubuntu
$ wget https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64
$ mv cloud_sql_proxy.linux.amd64 cloud_sql_proxy
$ chmod +x cloud_sql_proxy
$ sudo mkdir /cloudsql; sudo chmod 777 /cloudsql
$ ./cloud_sql_proxy -dir=/cloudsql -instances=<project name>:us-central1:mydb
PDO
<?php
$pdo = new pdo('mysql:unix_socket=/cloudsql/<project name>:us-central1:mydb;dbname=testdb','root','test');
$stmt = $pdo->query("SHOW TABLES;");
$row = $stmt->fetch(PDO::FETCH_ASSOC);
print_r($row);
?>
mysqli
$mysqli = mysqli_connect('localhost', 'root', 'test', 'testdb', 3306, '/cloudsql/<project name>:us-central1');
$sql = "SELECT id FROM users";
if ($result = $mysqli->query($sql)) {
while ($row = $result->fetch_assoc()) {
echo $row["id"] . "\n";
}
$result->close();
}
$mysqli->close();
refs (Japanese)
http://blog.hrendoh.com/connecting-to-google-cloud-sql-using-mysql-client/
http://blog.hrendoh.com/google-appengine-php-using-cloud-sql/
For PDO connections that don't use Google cloud or cannot benefit from the proxy solution, they have fixed the bug and it is merged now.
There is now a constant for this (starting April 2017):
PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false,
http://git.php.net/?p=php-src.git;a=commit;h=247ce052cd0fc7d0d8ea1a0e7ea2075e9601766a
In short, use Cloud SQL Proxy if you need to access from both PDO and mysqli. You have no choice.
https://cloud.google.com/sql/docs/sql-proxy
For mysqli, adding:
MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT
to real_connect() solved my instance of this issue.
Example (replace host, user, password and database as needed):
$db_connection->real_connect('ip address or host', 'user', 'password', 'database', 3306, NULL, MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT);
Full php mysqli SSL connection script:
// check if openssl is enabled on server
if(!extension_loaded('openssl')) {
throw new Exception('This app needs the Open SSL PHP extension and it is missing.');
}
// start connection
$db_connection = mysqli_init();
// set ssl config (update with your certs location)
$db_connection->ssl_set('/etc/my.cnf.d/certs/client-key.pem','/etc/my.cnf.d/certs/client-cert.pem', '/etc/my.cnf.d/certs/ca-cert.pem', NULL, NULL);
// connect (update with your host, db and credentials)
$db_connection->real_connect('ip address or host', 'user', 'password', 'database', 3306, NULL, MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT);
Example in CakePHP 3.5.x + PHP 7.1.x + SQL Google Cloud + SSL
Change file in: config/app.php
...
...
/**
* The test connection is used during the test suite.
*/
'default' => [
'className' => 'Cake\Database\Connection',
'driver' => 'Cake\Database\Driver\Mysql',
'persistent' => false,
'host' => 'xx.xxx.xxx.xxx',
//'port' => 'non_standard_port_number',
'username' => 'user_name_x',
'password' => 'pass_x',
'database' => 'bd_name_x',
'encoding' => 'utf8',
'timezone' => 'UTC',
'cacheMetadata' => true,
'quoteIdentifiers' => false,
'log' => false,
'flags' => [
PDO::MYSQL_ATTR_SSL_KEY => CONFIG.'client-key.pem',
PDO::MYSQL_ATTR_SSL_CERT => CONFIG.'client-cert.pem',
PDO::MYSQL_ATTR_SSL_CA => CONFIG.'server-ca.pem',
PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false
],
//'ssl_key' => CONFIG.'client-key.pem',
//'ssl_cert' => CONFIG.'client-cert.pem',
//'ssl_ca' => CONFIG.'server-ca.pem',
//'init' => ['SET GLOBAL innodb_stats_on_metadata = 0'],
],
],
...
...
Example PHP Pure + PDO + SSL:
$ssl_key = CONFIG.'client-key.pem';
$ssl_cert = CONFIG.'client-cert.pem';
$ssl_ca = CONFIG.'server-ca.pem';
$pdo = new PDO('mysql:host=xxx.xxx.xxx.xxx;dbname=db_name_x', 'user_name_x', 'pass_x', array(
PDO::MYSQL_ATTR_SSL_KEY => '/path/full/client-key.pem',
PDO::MYSQL_ATTR_SSL_CERT => '/path/full/client-cert.pem',
PDO::MYSQL_ATTR_SSL_CA => '/path/full/server-ca.pem',
PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false
)
);
$statement = $pdo->query("SHOW TABLES;");
var_dump($statement);
$row = $statement->fetch(PDO::FETCH_ASSOC);
echo json_encode($row);
exit();
I had the same problem with a MySQL database hosted at compose cluster.
After searching and testing for hours, I found out that the best solution is to disable testing the certificate provided by the server by using the MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT flag.
I haven't tested it with PDO but with the mysqli interface it is working for me.
In general this problem would appear with a database hosted at a cluster server.
$option = array();
$option['driver'] = 'mysql'; // Database driver name
$option['host'] = 'localhost'; // Database host name
$option['user'] = '*****'; // User for database authentication
$option['password'] = '********'; // Password for database authentication
$option['database'] = 'teste_dados'; // Database name
$db = JDatabase::getInstance( $option );
// Create a new query object.
$query = $db->getQuery(true);
/*
// Insert columns.
$columns = array('id_teste','testes','time');
// Insert values.
$values = array(4,'loucura3',date("h:i:s"));
// Prepare the insert query.
$query->insert($db->quoteName('teste1'));
$query->columns($db->quoteName($columns));
$query->values(implode(',', $values));
or
$query="INSERT INTO teste1('id_teste','testes','time') VALUES (4,'loucura3','".date("h:i:s")."')";
// Set the query using our newly populated query object and execute it.
$db->setQuery($query);
$db->execute();
Both options gives the following error message:
An error has occurred while processing your request.
You may not be able to visit this page because of:
an out-of-date bookmark/favourite
a mistyped address
a search engine that has an out-of-date listing for this site
you have no access to this page
Go to the Home Page
Home Page
If difficulties persist, please contact the System Administrator of this site and report the error below.
0 SQL=INSERT INTO teste1('id_teste','testes','time') VALUES (4,'loucura3','05:11:00')
I`ve seen some similar problems and their fixes and none of them workd for me any ideas?.
Try testing the sql script in mysql workbench or phpMyAdmin. Use backticks instead of single quotes around columns