Whenever my website receives too many connections, it's showing my database information.
I have specifically told PDO not to show any error messages with PDO::ERRMODE_SILENT:
$dsn = "mysql:host=" . $database['host'] . ";dbname=" . $database['db'];
$dbh = new PDO($dsn, $database['user'], $database['pass'], array(PDO::ATTR_PERSISTENT => false));
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT); // <== add this line
//echo 'Connected to Database<br/>';
Furthermore I have disabled PHP errors:
error_reporting(0);
ini_set('display_errors', '0');
Why is my PDO showing my sensitive database information to everyone when there are too many connections?
Problem is you're trying to connect to the database BEFORE you set the silent attribute. So during the connection attempt, PDO is still free to scream as loudly as it wants. You need to specify silent as part of the connection attempt itself:
$dbh = new PDO($[..snip..], array(PDO::ATTR_PERSISTENT => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_SILENT));
^^^^^^^^^^^
Related
I am trying to make a simple web application using just HTML5, CSS, Javascript, and PHP. The purpose of the app is to pull data off of a remote Microsoft SQL Server Database and put the data in a schedule table based primarily off of date. I have most of my frameworking up, I am just having a lot of trouble trying to pull the data off of the database. I've tried many different driver setup and I can't seem to hit anything except a brick wall.
some of the setups I've tried are :
<code>
try {
$conn = new PDO("sqlsrv:server=$hostname; database=$dbname", $username, $pw);
$conn->setAttribute(PDO:: ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
echo"Connected Successfully";
}
catch(PDOException $e){
echo "Connection failed: " . $e->getMessage();
}
</code>
and
<code>
$dsn = "sqlserver:host=$hostname;dbname=$dbname;port=$port;charset=utf8");
$opt = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
$pdo = new PDO($dsn, $username, $pw, $opt);
</code>
I am not the most versed in PHP, and I'm trying to get better. But, I've been beating my head against a wall with this one issue for almost a week now. Any help would be greatly appreciated.
Thank you very much in advance.
EDIT: for anyone who comes later to try to find an answer to a question like this, I'm not sure what I did. I never ended up editing php.ini the setup that did work was
try {
$conn = new PDO("sqlsrv:Server=<IP ADDRESS>,<PORT>;Database=<DBNAME>", $username, $pw);
$conn->setAttribute(PDO:: ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
echo"Connected Successfully";
}
catch(PDOException $e){
echo "Connection failed: " . $e->getMessage();
}
if you are still having trouble you can use this to print out all the drivers that are installed:
foreach(PDO::getAvailableDrivers()as $driver){
if($driver==NULL){
echo"No PDO Drivers were found";
}else{
echo $driver . "<br />";
I set up a MySQL RDS instance in AWS. After instantiating the instance I tried to connect it from my EC2's command line and it works with no issue. However, when I try connecting through my PHP code I get erros. Below is the sample code that I tried to test my connectivity.
<?php
try{
$dbh = new pdo( 'aws-test-db.hibizibi.us-west-2.rds.amazonaws.com;dbname=test',
'root',
'password',
array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
die(json_encode(array('outcome' => true)));
}
catch(PDOException $ex){
die(json_encode(array('outcome' => false, 'message' => 'Unable to connect')));
}
I get {"outcome":false,"message":"Unable to connect"}. My original code is using idiorm (which uses PDO). The portion that connects with database looks like below:
# configure ORM
ORM::configure('mysql:host='.DB_SERVER.';dbname='.DB_NAME);
ORM::configure('username', DB_SERVER_USERNAME);
ORM::configure('password', DB_SERVER_PASSWORD);
From the above I get the below error trace:
SQLSTATE[HY000] [2005] Unknown MySQL server host 'aws-test-db.hibizibi.us-west-2.rds.amazonaws.com:3306' (11)
#0 /var/www/html/main/admin/applications/vendors/idiorm/idiorm.php(255): PDO->__construct('mysql:host=aws-...', 'root', 'password', NULL)
#1 /var/www/html/main/admin/applications/vendors/idiorm/idiorm.php(237): ORM::_setup_db('default')
UPDATE
I updated my test code to try connecting using mysql extension and it worked with mysql but not PDO
<?php
$servername = "aws-test-db.hizibizi.us-west-2.rds.amazonaws.com";
$username = "root";
$password = "password";
$dbname='test';
try{
$dbh = new pdo(
'mysql:'.$servername.';dbname='.$dbname.';',
$username,
$password,
array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION)
);
die(json_encode(array('outcome' => true)));
} catch(PDOException $ex) {
echo json_encode(array('outcome' => false, 'message' => $ex->getMessage()))."\n";
}
// Create connection
$conn = mysqli_connect($servername, $username, $password);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
echo "Connected successfully\n";
Now, I am getting {"outcome":false,"message":"SQLSTATE[HY000] [2002] Can't connect to local MySQL server through socket '\/var\/lib\/mysql\/mysql.sock' (2)"} while trying t connect through PDO. My attempt through mysql is successful. Seems like the problem is specifically with PDO. Is there anything I can check ?
This is a very old question, but I had the exact same issue and wanted to document it here for anyone who finds this later.
The Problem
You can connect to your database (Amazon RDS) manually from the command line.
You can connect to your database via mysqli in PHP.
You can not connect to your database via PDO in PHP.
The Solution
For me, after trying almost everything, I randomly decided to try and create a new database user. This worked and I was now able to connect via PDO.
This prompted me to investigate the issue a little further and I was able to narrow the issue down to a backslash \ character in my MySQL password.
There seems to be some kind of conflict between ENV Vars (with \), PHP and PDO.
I am currently running a web application with thousands of visitors and users connecting at the same time. I have a lot of "sleeping" connections in WHM (like 50-65).
I think I am using persistent connections, but my question is, how can I disable this?
This is how I connect to the database:
$dbh = null;
$class = 'PDO';
$database = $settings['database']; //Get the database login information. It is stored in an array();
global $database;
try {
$dsn = "mysql:host=" . $database['host'] . ";dbname=" . $database['db'];
$dbh = new PDO($dsn, $database['user'], $database['pass'], array(PDO::ATTR_PERSISTENT => true));
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // <== add this line
//echo 'Connected to Database<br/>';
}
catch(PDOException $e)
{
echo $e->getMessage();
}
I keep getting this error:
SQLSTATE[HY000] [1040] Too many connections
Even though I have updated the max_connections in my.cnf to 5000
Can someone please help me out?
I keep getting this error : PHP PDO : Charset=UTF8 : An invalid keyword charset was specified in the dsn string.
My code is like this
function ConnectToSQLAndGetDBConnSTRVar() {
try {
$dbname = "irina";
$serverName = ".\SQLEXPRESS";
$username = "USERNAME";
$pw = "PASSWORD";
$dbh = new PDO ("sqlsrv:server=$serverName;Database=$dbname;charset=utf8","$username","$pw");
return $dbh;
}
catch (PDOException $e) {
print "Failed to get DB handle: " . $e->getMessage() . "\n";
exit;
}
}
And it doesnt matter how I write utf8.. UTF8 or UTF-8 or utf-8 none of them work for me..
So what do i do please help me..
You can find the parameters accepted in the DSN string on this page of the PHP manual.
There is no Charset parameter in DSNs for the "SQL Server" PDO driver (with the DSN prefix sqlserv:).
Bear in mind that all PDO drivers have different DSN conventions, as they are passed directly to the driver and not normalised by PDO.
There is an alternative PDO driver for SQL Server called "PDO_DBLIB", which does take charset as a DSN parameter, but it has the prefix "sybase:", "mssql:", or "dblib:", depending on compilation options.
I had same error while following the instructions from here to prevent sql injections
reading manual - it is said that prior to php 5.3.6 charset was ignored, and you can use it including options:
$dsn = 'mysql:host=' . $this->host . ';dbname=' . $this->dbname;
// Set options
$options = array(
PDO::ATTR_PERSISTENT => true,//can help to improve performance
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, //throws exceptions whenever a db error occurs
PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES uft8' //>= PHP 5.3.6
);
try {
$this->conn = new PDO($dsn, $this->user, $this->pass, $options);
}
catch ( PDOException $e ) {
$this->error = $e->getMessage();
}
I have run into a very confusing issue with connecting to a database via PHP PDO using exec().
I have thrown together the following snippet to illustrate my point.
$host = "localhost";
$db_name = "some_db";
$user_name = "some_user";
$pass_word = "some_password";
try {
// assign PDO object to db variable
$dbh = new PDO("mysql:host=$host;dbname=$db_name;charset=utf8", $user_name, $pass_word, array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'"));
$dbh->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
echo "yahoo connected";
}
catch (PDOException $e) {
//Output error - would normally log this to error file rather than output to user.
echo "Connection Error: " . $e->getMessage();
}
When I run this code via the browser it connects fine but when I run it at the command line it gives the following error:
Connection Error: SQLSTATE[28000] [1045] Access denied for user 'some_user'#'localhost' (using password: NO)
Needless to say that this is confusing as the password is indeed set as you can see in the code above and the connection works and prints yahoo to the screen in the browser. Any ideas are appreciated.
Your snippet is wrong. It ought to be without useless try-catch block:
$host = "localhost";
$db_name = "some_db";
$user_name = "some_user";
$pass_word = "some_password";
$dsn = "mysql:host=$host;dbname=$db_name;charset=utf8"
$opt = array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8",
// other options
);
$dbh = new PDO($dsn, $user_name, $pass_word, $opt);
echo "yahoo connected";
this way you will get a complete error message,including stack trace which will show you the actual file you runs - in which there is empty password used.
it is also important to have error_reporting(E_ALL); to tell you possible issues with variables scope