I've been scouring the internet and attempting to troubleshoot this issue for hours and finally caved and decided to ask for help directly.
I'm running a linux dedicated server and need to load data into my mysql database by running a mysql query executed from a php page on the host machine.
The problem I'm having is I have no idea what the directory structure needs to look like in order to actually find my file and have it be uploaded. I'll give an example below.
LOAD DATA INFILE 'WHAT IN THE WORLD GOES HERE TO MAKE THIS WORK?'
INTO TABLE customers
The error that returns every time I try to run this is
Error Code: 1045. Access denied for user
I've already checked the permissions and the user has FULL permissions on the appropriate database. From my own research I have found that it can throw this error for a few reasons, one of which being that it cannot find the file I am trying to upload.
My file structure after you get into the public_html folder is as follows:
reports/uploads/fileName.csv
Thanks for any help in advance! This has been driving me insane. If I've just been doing this entirely the wrong way, or there is an easier way to accomplish what I am doing I'm also open to suggestions on that front.
As explained in the documentation:
If the file name is an absolute path name, the server uses it as given.
If the file name is a relative path name with one or more leading components, the server searches for the file relative to the server's data directory.
If a file name with no leading components is given, the server looks for the file in the database directory of the default database.
The public_html folder is irrelevant, since the file is being read by the MySQL server. If your webserver and database servers are different machines, and you're trying to load a file from the client, not the server, you need to use LOAD DATA LOCAL INFILE to specify that. Then the filename will be interpreted relative to the working directory of the client application.
Some thoughts: to use LOAD DATA INFILE on a file present on the server, the user performing the load data must have the FILE privileges. If the file is present client side, use LOAD DATA LOCAL INFILE.
This link is useful: http://dev.mysql.com/doc/refman/5.1/en/load-data.html
It's usually good to test the LOAD FILE with a file in an easily accessible location, such as /tmp to confirm that the privileges are okay. Then you can start to debug access issues to the location where your real file is located.
Hope this helps.
Related
So I was wondering about requirements regarding File-Setup to an online Server, as I'm actually using a Localhost.
Document Root: I use the $_SERVER['DOCUMENT_ROOT'] / http / folder / file.php to navigate to all my files:
if I change to a Server, I do not have to make any changes regarding the path?
file privancy: Mostly, I use classes & methods in those files.
If I upload all Files to the Server, does a user have access to them (eg. typing url/folder/file) & isit possible to process/access them somehow as external user?
How to provent this the most easy way? (I heard about .htaccess, or using Server-rootfolder), but there is a simple php code to check if its a linked file?
There are any other very important remarks regarding FILE setup from localhost to public Server? So, user are not able access sensitive data from Files (eg. DB Connection, datahandling, etc.)
Thank you very much for your help :)
I am trying to import a cities .sql file into my table.
I am using this github repository:
https://github.com/JoshSmith/worldwide-city-database
I have created the table, like it says in the repository,
but when it comes to importing the cities.sql I get an error.
LOAD DATA INFILE "/tmp/test_data/cities.sql"
INTO TABLE cities
FIELDS TERMINATED BY '\t'
LINES TERMINATED BY '\n'
(combined, population, country_code, region, latitude, longitude);
I also have a picture of it:
I mention that I am using a Mac, have read all the solutions and tried them out, but didn't work. I also made sure my file is in MAMP/tmp/.
EDIT: Sorry for the confusion from the image -> sql query. I have the file in /tmp/test_data/ . I have modified the query to look there.
You have the cities.sql? then you need to create new database ,give name:cities then import into cities your cities.sql file.
You indicated you had the file in MAMP/temp/ ...but the error indicates it's looking for the file in /tmp/test_data/. Check your tmp vs temp.
I suggest that you use the phpMyAdmin UploadDir feature instead. Due to various permissions issues, security means, and other idiosyncrasies those processes can be blocked from reading this file even though you provide the complete path. Using the phpMyAdmin UploadDir, you basically create a folder (mine is a subdirectory of my phpMyAdmin installation), add the directive to config.inc.php, and copy the file in there. phpMyAdmin shows it in a dropdown on the Import page. Again, you need proper permissions on the file and folder, but I find it easier than LOAD DATA INFILE.
If you prefer to continue to try the MySQL method, my guess is that it's a permissions problem. Make sure the webserver and MySQL processes have the proper permissions on the .sql file (and perhaps also on the directory it's in, though that probably shouldn't matter). Your webserver and MySQL error logs might have hints, also.
I know it a silly question but last night when I was working with my website's .properties file, I discovered this idea. I am using PHP script for my website where I have stored all my site properties values like image path, secure path.. etc in website.properties file. But I need to include this .properties file in each and every webpages to access the values in it.
My question is, like .htaccess file, can I add this .propeties file into server configuration? Is there any option available to sync this file with server configuration? Is Apache allowing us to do? In this case I don't need to add this file in every pages.
Look to the side of enviromental variables in Apache and PHP:
http://php.net/manual/en/function.apache-getenv.php
http://www.php.net/manual/en/function.apache-setenv.php
http://httpd.apache.org/docs/2.2/env.html
I need to connect to a mysql database using PHP. I am storing my login, user, password, and other info in a separate php file (let's say "mysql_connect.php") and then accessing it via require_once (mysql_connect.php) in a different file.
I have done a bit of googling and I know that I am supposed to keep "mysql_connect.php" out of the web root. I have moved it outside of the html folder and tried calling to it by using "../../mysql_connect.php" This is not working, it gives me an error "function not found" or something like that. Upon googling that, the internet says that its because it can't locate the file i'm referencing. When I move mysql_connect.php into a folder below root, everything works fine. The issue is because it is moved outside of the web root (i think).
I have been googling for two days now and cannot find a detailed explanation on how to get this to work. Something about changing the .htaccess file? I've read a bunch of articles on the theory but I am really looking for a step-by-step tutorial (I am a beginner). The only step-by-step tutorials I can find just tell you to put the config.php file into the same folder which is not secure.
Also in reading, it says that putting mysql_connect.php above root might not be THE most secure way to store the information as it is still basically just a .txt file and it can be retrieved easily(like downloading it). I am looking for a balance between secure and also do-able (for a beginner like myself). The mysql database I am trying to protect will not have any personal information and I plan on using a dedicated server (with no other information on it).
Can any one help me to solve this issue?
it gives me an error "function not found" or something like that.
This.
Is your main problem.
You either didn't bother to read this error message yourself nor didn't bring it here to help us to help you.
While
there is no problem in having this file below document_root,
and there is no problem in having this file above document root either,
the only problem you have is to assign a correct filename.
And the error message you got could help you more than 1000 volunteers from this site.
Despite of that, you can use PHP predefined variable to make this path work from whatever part of your site. Aassuming the file is one level above the document root, the code would be
require($_SERVER['DOCUMENT_ROOT']."/../mysql_connect.php");
however, this one may produce an error too, as nobody knows a real file locations. Thus, you may read the error message and corect the paths. Or post it here and get an interpretation
You can store the database information inside your web server configuration.
If you run Apache you can use SetEnv inside the VirtualHost. Since you're still on a shared host, your server admin probably need to help you with this. You can read more about this approach here.
... tried calling to it by using "../../mysql_connect.php" This is not working, it gives me an error "function not found" or something like that.
Include the connection details with:
require_once("../../mysql_connect.php");
This assumes that the file mysql_connect.php is two levels up from the currently executing script.
The database connection details will always be able to be read by whomever has administrative access to the server. It is not feasible to encrypt the file, because you would still need to store whatever key or password needed to decrypt it on the server as well, which would still not hide it from the server administrators.
Besides moving out of the web-root (which is a good step forward) an approach I've seen used is:
// at the top of your index or bootstrap file
define('SECURED', true);
And:
// at the top of any file subsequently included, such as mysql_connect.php
if(!defined('SECURED'))
{
exit();
}
This will at least prevent the file(s) from being accessed (executed) directly. This is helpful is the to-be-included files would otherwise issue a warning or error, that could potentially dump sensitive data as output.
If you're in a shared hosting environment you won't be allowed access outside of document root (most likely). You will need the password therefore it won't be completely secure. Instead, you can look into creating seperate mysql users with priviledges and limiting connections to to local accesses only.
i know i'm new, but something as simple as form for your login should be checked in order for it to work.
<form action="insertphpfilepath.php" method="POST">
and then in "insertphpfilepath.php", would have the mysql_query to check the login and password, not forgetting the mysql_query for connecting to the database and table using the right username and password .
a newbie recommendation to you for use mysql_real_escape_string for any $_POST['login'] so that it would become $login=mysql_real_escape_string($_POST['login']); for evading mysql injection.
This may be a really stupid question...I started worrying last night that there might be someway to view PHP files on a server via a browser or someother means on a client machine.
My worry is, I have an include file that contains the database username and password. If there were a way to put the address of this file in to a browser or some other system and see the code itself then it would be an issue for obvious reasons.
Is this a legitimate concern?
If so how do people go about preventing this?
Not if your server is configured right. I think discussion on how that is done belongs on serverfault.
To add on to the other answers:
If you use a file extension like .inc there's indeed a higher risk. Can you open the file directly in your browser?
The most important advice is missing:
Only the files that should be accessed by a browser, should be in a publicly accessible location. All the other code (and configuration) should be in a completely separate directory.
For example
root
- webroot
- includes
- config
Only 'webroot' is exposed by your webserver (apache). Webroot can for example contain a single index.php, along with all your assets (javascript, css, images).
Any code index.php needs to load comes from 'includes' and all the configuration from 'config'. There's no way a user could ever directly access anything from those 2 directories, provided this is done correctly.
This depends on the file extension you have given the include file.
If the extension is one that is known and executed by the web server, it will be protected. If you browse to the file, the server will try to execute the code rather than just returning it as plain text.
If the extension is not known by the web server it will serve it as plain data, so anyone (who can guess the file name) can browse to the file and see the source code.
A Directory Traversal Vulnerability can used to obtain files off of the remote mahine. Alternatively you can use MySQL based sql injection to read files using load_file(). You can also test your system with w3af's urlfuzzer which will look for "backup files", such as index.php.zip. Also make sure that all files have .php extensions, a .inc can be viewed from the public. I would also disable Apache directory listing.
Normally there should be no way to view the PHP files remotely... it would be absolutely pointless. This completely depends on what web server you are using and how it's setup though.
Having looked around I can see that it is possible to protect a directory via the .htaccess by adding these lines:
Order allow,deny
Deny from all
This apparently protects the directory so that only local non web-access is possible.
This allows me to keep my includes in a subdirectory of the main site directory which is good for organisation and it can be used on the projects where I do not have access to folders outside the web root.
Does anyone else use this method?
Just for good measure I've put the directory permissions to execute only.
And the include extension is PHP as suggested by others.