In the code below there are 2 mysql connections, the issue is that the second connection gives a connection error if the password coming in from the form is anything but 123456.
Now, password coming in from the form should have nothing to do with the second connection because that password in for the new database that is made before the second conenction starts. The second connection is connecting to another database all together.
However, if i use the commented out $grantQ query, the second connection works fine. That means that the issue is got something to do with identified by '{$pass}' in the $grantQ query.
The identified by '{$pass}' query should only affect the new database that has been created. Why is it affecting the existing db that the second connection is connecting to?
please help .. sorry about the long summary !
<?php
if(isset($_POST['submit'])){
// SUPER CONNECTION
$maindb_db = "little_maindb";
$maindb_server = "localhost";
$maindb_username = "admin#littlesidegym.com";
$maindb_password = "123456";//
$conn = new mysqli($maindb_server, $maindb_username, $maindb_password, $maindb_db);
if ($conn->connect_error) {
die($contact_cus_supp);
}
//NAME OF DB FROM POST - CUSTOMER VIEW
$new_dbname = mysqli_real_escape_string($conn, $_POST['db_name']);
$new_pass = mysqli_real_escape_string($conn, $_POST['pass']);
// CREATING DATABASE
$sql = "CREATE DATABASE IF NOT EXISTS $new_dbname ";
if (!mysqli_query($conn, $sql)) {
mysqli_close($conn);
exit();
}
$host = "localhost";
$user = $_SESSION['sess_email'];
$flush_pri = "FLUSH PRIVILEGES";
$pass = $new_pass;
// GRANT USER PRIVILEGES
echo $current_project;
$grantQ = "GRANT ALL PRIVILEGES ON " . $new_dbname . ".* TO '{$user}'#'{$host}' identified by '{$pass}'";
//$grantQ = "GRANT ALL PRIVILEGES ON " . $new_dbname . ".* TO '{$user}'#'{$host}'";
if(!mysqli_query($conn,$grantQ)){
mysqli_close($conn);
exit();
}
if(!mysqli_query($conn,$flush_pri)){
mysqli_close($conn);
exit();
}
// SUPER CONNECTION CLOSE
mysqli_close($conn);
// ALTOGETHER A DIFFERENT CONNECTION
$secdb_db = "little_userdb";
$secdb_server = "localhost";
$secdb_username = "user#littlesidegym.com";
$secdb_password = "123456";//
$conn = new mysqli($secdb_server, $secdb_username, $secdb_password, $secdb_db);
if ($conn->connect_error) {
die($contact_cus_supp);
}
echo "HELLO WORLD";
?>
// FORM
echo '<table>';
echo '<form action="create_project.php" method="POST" id = "myform" name = "myform" >';
echo '<tr><th></th></tr><tr><td><input type = "text" value="" name = "db_name" class = "req alphanums" placeholder = "DB Name" ><td></tr>';
echo '<tr><th></th></tr><tr><td><input type = "password" value="" name = "pass" class = "req" placeholder = "Password" ><td></tr>';
echo '<tr><th></th></tr><tr><td><div id = "submit"><input type="submit" id = "submit" name = "submit" value = "Create Project"></div><td></tr>';
echo '</form>';
echo '</table>';
You are using the same user name for newly created database and for accessing little_userdb, thus changing its password each time.
In mysql user is identified by name and hostname mask (mysql looks for first match). So your code changes password for existing user and grants him access to the new db.
Related
This project involves connecting to a database using phpMyAdmin. I have a file named index.php which presents the user with a simple form that connects to a file for processing called functions.php. I'm using WAMP to connect everything but when I try running everything the form and submit work but after the form is submitted the next page displays nothing when it should be displaying some information even if its an error message. I really can't figure out what's wrong. I've already created the database on phpMyAdmin by importing a file containing sql code to create all my tables for a relational database. Here is the code, any help is appreciated.
index.php
<form action="functions.php" method="post">
First Name: <input type = "text" name = "Fname"><br>
<!-- Last Name: <input type = "text" name = "Lname"><br>
Commision: <input type = "text" name = "commision"><br>
Phone Number: <input type = "text" name = "phone"><br>
Job Title: <input type = "text" name = "job"><br> -->
<input type="submit">
</form>
</body>
functions.php
<?php
$host = 'localhost';
$username = 'kempenaar';
$password = 'Jayson38!';
$db_name = '3660Project';
//$Fname = $_POST["Fname"];
echo "in the script";
$conn = mysql_connect($host, $username, $password,$db_name)
if(!$conn)
{
die ('Error connecting to MySQL server.' . mysql_error());
}
$db_select = mysql_select_db($db_name);
if(!$db_select)
{
die('Can\'t use ' . $db_name . ': ' . mysql_error());
}
$sql = "INSERT INTO Employee (First_Name, Last_Name, Commision, Phone_number, Job)
VALUES ($_POST["Fname"], $_POST["Lname"], $_POST["commision"], $_POST["phone"], $_POST["job"])";
if(mysql_query($sql)){
echo "Records inserted successfully.";
header('Location: http://localhost:8888/3660Project/');
} else{
echo "ERROR: Could not able to execute $sql. " . mysql_error($conn);
}
echo "made it here";
?>
I have a PHP site that I uploaded in 000webhost. It needs a database to store data. But when I try to sign in it didn't sign in. When I check the connection it turns out the connection was fine. Still not able to access the database. So I wrote a small script to check database access and it failed. I have a table named songs which contains some songs.
Here is the script :
<?php
ob_start();
session_start();
$host = 'localhost';
$user = 'xxxxxxx';
$pass = 'xxxxxxx';
$db = 'xxxxxxx';
$timezone = date_default_timezone_set("Asia/Kolkata");
$con = new PDO("mysql:host=$host;dbname=$db", $user, $pass);
if($con)
{
echo "Connection success";
$query = mysqli_query($con, "SELECT * FROM songs");
if($query){
$tb = mysqli_fetch_array($query);
print_r($tb);
}
else {
echo " failed db access";
}
}
else {
echo " connection failed";
}
?>
The details have been kept hidden for security reasons.
The above script gives the following output:
Connection success failed db access
It doesn't work, because you're using PDO for connection and mysqli to query. Change your connection to mysqli
$con = new mysqli($servername, $username, $password, $dbname);
or change your query to PDO
$query = $con->query("SELECT * FROM songs");
The output you are showing is misleading, failed db access. As per below code, database was connected successfully and you were executing query, which didn't executed it seems and flow going to else block.
if($query){
// your code
}
else {
echo " failed db access";
}
You need to check,
If you are using same user credentials and has access to the table.
If same table exists
If you have provided correct database details where you have created tables.
==Updated==
As I mentioned earlier, user might not have sufficient privilege to access songs table. To GRANT access, you need to execute following SQL
GRANT ALL PRIVILEGES ON *.* TO '<username>'#'localhost; WITH GRANT OPTION;
MySql inputs data(image) in wrong user ID i.e when I upload an image, it goes into the wrong user ID created by the database. Database creates new IDs automatically as seen in attached image. I dont know what's wrong. Also I'm uploading via a modal window.view image here
<?php
include_once('server.php');
if (isset($_POST['submit']))
{
$file = addslashes(file_get_contents($_FILES["image"]["tmp_name"]));
$query = "INSERT INTO company(image) VALUES ('$file')";
if(mysqli_query($conn, $query))
{
echo '<script>alert("Image Uploaded Successfully")</script>';
}
}
?>
This is the 'server.php' script.
<?php
$servername = 'localhost';
$username = 'root';
$password = '';
$dbname = 'rocco';
$conn = mysqli_connect($servername, $username, $password, $dbname);
if(!$conn){
echo 'Connection Error '.mysqli_connect_error();
}
you mean there is a table with users id and you have a new column for images to each of userid right?
if so then you should using UPDATE not INSERT that's why you get a new row of userid in database when you try to insert new image
I'm trying to make a web/login page, where if a user is in certain location then they can be able to insert data in the database based on their location.
For example, if we have two users bob and max, one in A(bob) and the other in B(max).
If bob logs into the system username... bob password... 123 location.. A, he should be able to to insert his data on the database located on his PC same as max but they should use a single application.
Now my question is how can I achieve this. For example I've a login script below which is communicating with my localhost (A) and i also want to include a remote connection to my other PC on the LAN (B), using Mysql database installed on both computers, I can connect to Mysql database using Mysql workbench but how can I do it using a script in PHP?
login page
<?php
if(isset($_POST['login'])){
include 'includes/config.php';
$uname = $_POST['uname'];
$pass = $_POST['pass'];
$query = "SELECT * FROM admin WHERE uname = '$uname' AND pass = '$pass'";
$rs = $conn->query($query);
$num = $rs->num_rows;
$rows = $rs->fetch_assoc();
if($num > 0){
session_start();
$_SESSION['uname'] = $rows['uname'];
$_SESSION['pass'] = $rows['pass'];
echo "<script type = \"text/javascript\">
alert(\"Login Successful.................\");
window.location = (\"admin/index.php\")
</script>";
} else{
echo "<script type = \"text/javascript\">
alert(\"Login Failed. Try Again................\");
window.location = (\"login.php\")
</script>";
}
}
?>
connection.php
<?php
$host = "localhost";
$user = "root";
$pass = "";
$db = "cars";
$conn = new mysqli($host, $user, $pass, $db);
if($conn->connect_error){
echo "Failed:" . $conn->connect_error;
}
?>
Configuring two connection scripts is what i have in mind, but i don't
think it will work.
Any suggestions would be appreciated.
Thanks
I am new here and noob in programming.
I have created a script that can change a database column but now I want to take database login info from user's and the changed value from user's when they give all info correctly the script changed the database column info which was given by the user's.
Here is my login.html source code :
<html>
<center>
<form action="db.php" method="post">
DB Host: <input type="text" name="host"><br>
DB Username: <input type="text" name="usr"><br>
DB Password: <input type="password" name="psw"><br>
DB Name: <input type="text" name="dbname"><br><br><br>
Admin changed Username: <input type="text" name="admusr"><br>
Admin Changed Password: <input type="password" name="admpsw"><br>
<input type="submit">
</form>
</center>
</html>
and here is my db.php source code which can update database column info manually
<?php
$servername = "localhost";
$username = "admin";
$dbname = "mydb";
$password = "1234";
// Create connection
$conn = new mysqli($servername, $username, $password);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully";
mysqli_select_db($conn,"$dbname");
$sql = "UPDATE admins SET user_login='admin1',user_pass='1234' WHERE id=1";
if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $conn->error;
}
$conn->close();
?>
Is it possible to take value from user's and changed the database column info?
Sorry for bad english.
It's very bad idea... loads of security issues. But if you want to change it from received form values just change your query to this:
// escape received values
$usr = $conn->real_escape_string($_POST['usr']);
$psw = $conn->real_escape_string($_POST['psw']);
// use them in query
$sql = "UPDATE admins SET user_login='".$usr."',user_pass='".$psw."' WHERE id=1";
You got more field which is user filling... I don't know your exact table structure. But if you want to use all of them just add received escaped values to your query:
// escape received values
$usr = $conn->real_escape_string($_POST['usr']);
$psw = $conn->real_escape_string($_POST['psw']);
$host = $conn->real_escape_string($_POST['host']);
$dbname = $conn->real_escape_string($_POST['dbname']);
$admusr = $conn->real_escape_string($_POST['admusr']);
$admpsw = $conn->real_escape_string($_POST['admpsw']);
// use all of them in query depending on your table structure
$sql = "UPDATE admins SET user_login='".$usr."',user_pass='".$psw."' WHERE id=1";
Use $_POST variable to retrieve data that user entered on login.html page
like in db.php for $servername and $username use
$servername = $_POST['host'];
$username = $_POST['usr'];