I see the command to set up a user account on mySQL is:
CREATE USER 'userName'#'localhost' IDENTIFIED BY 'some_pass';
For the localhost, do I keep that local host if I want the user to be able to insert from another ip adress that the mySQL DB is not on?
Also if I was creating a connecting class to match the above, would it look like this:
<?php
class myConnect extends mysqli{
public function __construct($hostname='localhost',
$user='userName',
$password='some_pass',
$dbname='dbName'){
parent::__construct($hostname, $user, $password, $dbname);
}
}
?>
Again I am concerned about the localhost part in the php class above. Basically the php is not goign to be on the same server as the database.
Update:
Tried the answer below but am getting this php error still:
Warning: mysqli::mysqli() [mysqli.mysqli]: (HY000/2003): Can't connect to MySQL server on 'mySQLIP' (111) in /home4/m133414/public_html/myDigitalOcean.php on line 12
If php is installed on a different server than MySQL, you need to change localhost to whatever the IP address is that the MySQL sees the php server as. That's in the user creation. If you want it avaiable from anywhere, change localhost to '%'
In php, in place of localhost, put the IP address of the MySQL server.
If your PHP server has a separate IP address or host name than the MySQL server, use the PHP server's IP/hostname in the grant statement
CREATE USER 'userName'#'php.server.ip.goes.here' IDENTIFIED BY 'some_pass';
If you want users to be able to connect to your server from anywhere, you can use a wildcard:
CREATE USER 'userName'#'%' IDENTIFIED BY 'some_pass';
though this is generally insecure.
You should use 'localhost' if you want users to be able to connect to your server only from the same IP/host as your MySQL server. This would be appropriate in situations where your webserver is on the same host as the MySQL server.
Mysql is very picky about user account string formatting, and in particular treats the hostname 'localhost' as special (and exactly how depends on the version).
If the hostname is 'localhost' then many mysql versions will use a local Unix Socket (and not TCP/IP) to connect. If you use a DNS name such as mysql.server.example.org, be aware that you need to include exactly the string mysql sees on connect: it's not 'intelligent' in saying 'mysql' is the same thing, for example.
Be aware also that creating a user does not give it permission to do anything. You will normally need to use GRANT to do that as well. You can grant permission to the whole server (not recommended!) or to all tables in a database, or even to individual tables. I would strongly recommend testing using 'phpmyadmin' to investigate this if needed.
Finally, I'm just slightly worried that you are conflating user-of-mysql and user-of-application. Normally, the mysql user table is not used for application level users (e.g. website profiles). I say this because DB user creation is often a one-off thing and so doesn't need application code to do it...
Related
I am trying to connect to a MYSQL database on server A from server B. The hosting company that we are working with, owns both server A and server B. This is my first attempt at an external DB connection.
I have written the following PHP code to try to connect to the MYSQL database on server A from server B. The code looks like most other code I have Googled in regards to connecting to external MYSQL databases..
$IPAddress_O_fServer_A = 'XXX.XX.XX.XXX';
$Server_A_DB_Pass = 'P-WORD';
$Server_A_DB_User = 'U-NAME';
$con = mysql_connect($IPAddress_Of_Server_A, $Server_A_DB_User, $Server_A_DB_Pass);
Now when this code executes on Server B, I get this error:
Warning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on 'XXX.XX.XX.XXX' (4) in /var/www/web12/web/dev/front-end.php on line 10
Could not connect: Can't connect to MySQL server on XXX.XX.XX.XXX' (4)
...where line 10 is the mysql_connect() call.
Does anyone see anything wrong with this code?
If the connection is not working would it be safe to say that there must be an issue with either the servers external connection permissions or some other settings?
Thanks!
First off I'd look at this and make sure that you're system is configured to allow remote access.
Secondly the user name "U-NAME" will actually be "U-NAME#localhost" and will have permissions set up as such. For example consider the following GRANT statement.
GRANT SELECT *
ON foo.bar
TO 'U-NAME'#'localhost'
The user name "U-NAME" has permission to select entries from the database foo, table bar, but it is exclusively localhost access. In order to allow remote you'd have to grant permissions similarly to the following.
GRANT SELECT *
ON foo.bar
TO 'U-NAME'#'xx.xx.xx.xx'
I am currently accessing the database by $_SESSION['connection'] = odbc_connect('Driver={MySQL ODBC 5.1 Driver};Server=localhost;Database=mysql;Option=3;', 'root', '');
Apart fromt the fact that I need to get a password put on that account (and maybe even use another account than root? And probably change the databse name?), I want to write some code which I can disrtribute to be installed at several sites.
I want to use the same code at each site, although I can't know the IP addresses in advance. How do I go about that? Do I just tell their IT guy to set a DNS trandlation for something like myDatabaseServer and then substitue Server=localhost by Server=myDatabaseServer in the odbc_connect() call? Or do I need to do somehing with the ODBC manager in the Windows control panel?
Hmmm, I should probably obfuscate or comple the code before ditributing it...
Update: I found this question which said
In your MySQL configuration file (my.cnf), you need the following at least:
port = 3306 # Port MySQL listens on
bind-address = 192.168.1.15 # IP address of your server
# skip-networking # This should be commented out to enable networking
I presume thatbind-address coudl be myDatabaseServer, so that I don't need to edit the config file for each remote site(?)
It also said GRANT ALL ON test.* TO 'root'#'192.168.1.15' IDENTIFIED BY ''; So that is a command that has to be run once on the databse? But I can't know the IP adress in advance? In fact, multiple users may need access - can I wildcard it to 192.168..? Is thus really, really needed? Is there any way that I can dconfigure it once, not knowing in advance which range of netwrok addresses each user will use (I know that it sounds insecure, but could I just grant access to everyone and rely on password protection, plus no outsiders knowing that the databse is there?)
The bind-address can only be set to an IP address, not a domain name, and refers to the outgoing IP address that the mysql server will bind to.
However, when connecting externally, you can always just set the bind-address to 0.0.0.0 that way the mysql server will accept incoming 3306 connections on any interface it has access to. The admin side would look after naming the server, and you can connect to it by that name.
Once that is set correctly you just need the appropriate user credentials set up, so that an external user can connect from a given IP (or pattern).
e.g.
GRANT ALL PRIVILEGES ON *.* TO USERNAME#IP IDENTIFIED BY "PASSWORD";
See here for external IP patterns.
Of course, you should use a limited access account in general, and allow access to only specific database/tables (db.* is usually acceptable)
Just to add to Slomojo's accurate answer: Don't forget to flush privileges; in mysql after making any changes to privileges.
Ok, If you can answer this question, you deserve the nobel peace prize. Anyways, here's the situation.
I'm using Slicehost dot net, and I have 2 slices (two different IPs). One slice is my mail server and the other is my normal website. I'm running Ubuntu (8.04 or 8.10, something like that, it shouldn't matter). What I'm trying to do is access the MySQL database on the Mail server from the other slice. I'm trying to do that with PHP. I really appreciate any help.
mysql_connect()
$resource = mysql_connect('other-server-address.com', 'username', 'password');
The first parameter is the mysql server address.
Server Param
The MySQL server. It can also include
a port number. e.g. "hostname:port" or
a path to a local socket e.g.
":/path/to/socket" for the localhost.
If the PHP directive
mysql.default_host is undefined
(default), then the default value is
'localhost:3306'. In SQL safe mode,
this parameter is ignored and value
'localhost:3306' is always used.
Unless I'm misunderstanding... this setup is pretty common. Any trouble you're having might be related to the following:
Firewall settings
Grant access to the mysql user to connect from the other host
my.ini settings not allowing outside connections
Some other related SO questions:
Connecting to MySQL from other machines
How do I enable external access to MySQL Server?
php access to remote database
How to make mysql accept connections externally
Remote mysql connection
Assuming your mail server is at IP 192.168.1.20 and web server is 192.168.1.30
First of all you need to allow the web server to access the mysql database on your Mail server .
On 192.168.1.20 you run the mysql command and grant access on the database needed to your web server
mysql> grant all on mydb.* to 'someuser'#'192.168.1.30' identified by 'secretpass;
Your PHP code connects to that database with something like:
$conn = mysql_connect('192.168.1.20', 'someuser', 'secretpass');
mysql_connect() returns a link identifier if the connection is successful. Also you have to do is keep the references to both links.
When you want to use which ever link, simply include the link as an argument.
$link1 = mysql_connect($host1, $username1, $password1);
$link2 = mysql_connect($host2, $username2, $password2);
$r = mysql_query(QUERY, $link1);
Simple as that.
What possible reasons could exist for MySQL giving the error “Access denied for user 'xxx'#'yyy'” when trying to access a database using PHP-mysqli and working fine when using the command-line mysql tool with exactly the same username, password, socket, database and host?
Update:
There were indeed three users in the mysql.user table, each one with a different host (but with the same hashed password), one was set to localhost, one to 127.0.0.1 and one to the machine’s host name. Deleting two of them and changing the host of the third to “%” had only one effect: now the access is denied using the command-line tool also.
I did do a
select user();
before that in the command line and it yielded the same xxx#yyy that were denied in php.
Sometimes in php/mysql there is a difference between localhost and 127.0.0.1
In mysql you grant access based on the host name, for localusers this would be localhost.
I have seen php trying to connect with 'myservername' instead of localhost allthough in the config 'localhost' was defined.
Try to grant access in mysql for 127.0.0.1 and connect in php over 127.0.0.1 port 3306.
In case anyone’s still interested: I never did solve this particular problem. It really seems like the problem was with the hardware I was running MySQL on. I’ve never seen anything remotely like it since.
After I read your update I would suspect an error in/with the password.
Are you using "strange" characters in your PW (something likely to cause utf-8/iso encoding problems)?
Using % in the Host field would allow the user to connect from any host. So the only thing that could be wrong would be the password.
Can you create another user. whith the "grant all on all for '...'#'%' identiefied by 'somesimplepw'" syntax, and try to connect with that user?
Don't forget to 'flush privelidges'
For info on how to create a new user klick here
Today the FTP service of my web hosting provider is having some trouble, so I decide to realize a local virtual webserver for working on my website. I have installed EasyPHP 14.1 with phpMyAdmin and I have created my user and my database with tables.
First attempt: failed. I realized that the table I was looking for didn't exist. -> I solved creating the missing table.
Second attempt: failed. I realized that username that I set for my new user was diffrent from the username I used for my connection. -> I edited username.
Third attempt: failed. I realized that new database name was diffrent from database name I use for connection in my site. -> I edited db name.
Forth attempt: failed. I realized that between privileges of my new user there wasn't "Grant". I don't even know what "Grant" means, but let's try to enable it -> Added "Grant" privilege.
Fifth attempt: I win!
I hope my little adventure could help someone. =)
Help!
I have a PHP (PHP 5.2.5) script on HOST1 trying to connect to an MySql database HOST2. Both hosts are in Shared Host environments controlled through CPanel.
HOST2 is set to allow remote database connections from HOST1.
The PHP connect I'm using is:-
$h2 = IPADDRESS;
$dbu = DBUSER;
$dbp = DBPASS;
$DBlink = mysql_connect($h2, $dbu, $dbp);
This always fails with:-
Access denied for user '<dbusername>'#'***SOMESTRING***' (using password: YES)
nb: SOMESTRING looks like it could be something to do with the shared host environment.
Any ideas???
BTW: I can make remote connections to HOST2 from my laptop using OpenOffice via ODBC, and SQLyog. The SQLyog and ODBC settings are exactly the same as the PHP script is trying to use.
somestring is probably the reverse-lookup for your web-server.
Can you modify privileges from your cPanel? Have you done anything to allow access from your workstation (ODBC)?
The error-message seems to indicate that you have network-access to the mysql-server, but not privileges for your username from that specific host.
If you're allowed to grant privileges for your database, invoking:
GRANT SELECT ON database.* TO username#ip.address.of.host1 IDENTIFIED BY 'password'
might work for you. I just wrote this out of my head, you might want to doublecheck the syntax in mysql-docs.
Have you read the MySQL documentation on Causes of Access denied Errors?
Have you contacted support for your hosting provider? They should have access to troubleshoot the database connection. People on the internet do not have access.
Do you need to specify the database name? Your account might have access to connect only to a specific database. The mysql_connect() function does not allow you do specify the database, but new mysqli() does. I'm not sure if this is relevant -- it might allow you to connect but give you errors when you try to query tables that aren't in your database.
Are you sure you're using the right password? MySQL allows each account to have a different password per client host. Admittedly, this is not a common configuration, but it's possible. Your hosting provider should be able to tell you.
Just some ideas:
HOST1 does not have remote access to HOST2 (shared host is disallowing)
MySQL account does not have access from HOST1 (IP address specified on account creation, or wildcard)
Edit:
In response to your comment, I meant that HOST1 cannot get to the MySQL port on HOST2. Web services will work, of course, because port 80 is open to the public. As another user pointed out though, you are getting a response, so you are reaching it. I would try specifying the DB, and double checking the account creation command you ran.
For the second piece, I meant this: http://dev.mysql.com/doc/refman/5.0/en/adding-users.html
You can specify what host the username can connect from. If it isn't set to HOST2's IP or the wildcard, HOST2 can't log in with those credentials.
The error message means that you can contact the mySql server, but the user you are trying to log in as, does not have access.
Either the user does not have access at all, or it has access locally, but not from the host you are connecting from.
You should try to use the hostname and port like $h2 = IPADDRESS:3307;