does anyone know if there's a script out there that will create a mysql database automatically instead of having to go into cpanel and create a database, username and password manually?
thanks
You cannot create a username and password unless you log in yourself with a user with a higher level. That's usually the root. Creating database is a breeze after using the username and password with sufficient privileges.
<?php
$dsn = $dsn = "mysql:host=localhost";
$pdo = new PDO($dsn,"root","");
//Creation of user "user_name"
$pdo->query("CREATE USER 'user_name'#'%' IDENTIFIED BY 'pass_word';");
//Creation of database "new_db"
$pdo->query("CREATE DATABASE `new_db`;");
//Adding all privileges on our newly created database
$pdo->query("GRANT ALL PRIVILEGES on `new_db`.* TO 'user_name'#'%';");
?>
In this script, I assumed your root user is called "root" and its password is empty if that's not the case, change line 4 to match.
you cannot create new user without logging in.
You can create database with root account or user with privileges
<?php
mysql_connect("localhost", "root", "gm123") or die(mysql_error());
mysql_query("CREATE DATABASE cat") or die(mysql_error());
mysql_select_db("cat") or die(mysql_error());
mysql_query("CREATE TABLE user(username varchar(20), password varchar(20), permission varchar(20))") or die(mysql_error());
mysql_query("INSERT INTO user(username,password,permission) VALUES('gm','311807','admin')") or die(mysql_error());
mysql_query("CREATE TABLE cattbl(id INT NOT NULL PRIMARY KEY ,name VARCHAR(30),roll INT NOT NULL,technology VARCHAR(30),semister VARCHAR(30),shift VARCHAR(30),bdate varchar(30),cell VARCHAR(30),address VARCHAR(30),picture LONGBLOB)") or die(mysql_error());
header("Location: index.php");
?>
you may try this for your problem
i have just been doing this on my project
the actual answer is you can but it's a little complicated.
Cpanel doesnt allow you to use the normal "CREATE DATABASE 'mydbname';" in a php script to create a new database.
the only way you can do it is via logging on to your cpanel, going through the database wizard and creating a new one. Up until now you have probably been doing this manually each time.
this can been done with a php script but you have to use an api - which kind of goes through those same actions but automatically. You have to give the api your cpanel username and cpanel password.
just follow the answer to this question
Create cpanel database through php script
hope that helps
require_once 'database.php' add this line of code your index.php
$servername = 'localhost';
$username= 'root';
$password ='';
$conn = new mysqli($servername,$username,$password);
if($conn->connect_error)
{
die("Connection Failed !" . $conn->connect_error());
}
else
{
$sql = "CREATE DATABASE test_employee";
if($conn->query($sql)== TRUE )
{
echo "Database Created Successfully";
}
}
You definitely can! You can use PHP.
First you need to connect to the database. Then you need to run a SQL query on that database that creates the database. (which is essentially what cpanel does)
EDIT: Updated since my_sql is deprecated
Heres a stackoverflow post on how to do it...
Can I create a database using PDO in PHP
Related
I install easyphp/devserver (v17.0) in a windows 10 x64 machine.
Working with tables and testing to store remote data with simple php files (very new with DataBases).
I'm trying to setup an access to my DB for my project (preferably using PDO).
Setup all database through mysql commands:
CREATE database arduDB;
CREATE USER 'Atmega'#'localhost';
GRANT USAGE on *.* to 'Atmega'#'localhost';
GRANT ALL PRIVILEGES ON arduDB.* TO 'Atmega'#'localhost';
CREATE USER 'Atmega'#'%';
GRANT USAGE on *.* to 'Atmega'#'%';
GRANT ALL PRIVILEGES ON arduDB.* TO 'Atmega'#'%';
FLUSH PRIVILEGES;
All fine up here.
But can't access to my DB (arduDB) using PDO, but can using MYSQLI without using DB name 'arduDB'.
I deleted '' (Any) users from phpmyadmin, but still can't access using PDO.
Searched and reading all day about this issue, but can't find a reason why happen this.
As well I create another user with a password, but can't access using PDO to DB neither.
It seems that phpmyadmin can't relate the permissions of the DBs,
edited
This 'add.php', without using 'arduDB' name give access through MYSQLI:
<?php
$servername = "localhost";
$username = "Atmega";
// Create connection
$conn = new mysqli($servername, $username);
// Check connection
if ($conn->connect_error) {
die("Failed: " . $conn->connect_error);
}
echo "Connected!!!";
?>
shows "Connected" in web browser. But same error if I try to use arduDB argument.
But when I use PDO, indicating arduDB database, I can't access to my DB.
<?php
$servername = "localhost";
$username = "Atmega";
try {
$conn = new PDO("mysql:host=$servername;dbname=arduDB", $username);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
echo "Connected!!!";
}
catch(PDOException $e)
{
echo "Failed: " . $e->getMessage();
}
?>
SQLSTATE[HY000] [1044] Access denied for user ''#'localhost' to database 'ardudb'
or
SQLSTATE[HY000] [1044] Access denied for user 'Atmega'#'localhost' to database 'ardudb'
Please, what can I need to configure or use in my code to grant access to a specific DB using PDO in my project?
Finlay I found the response.
Like André Verwijs says in his post, phpmyadmins use "unix_socket" to store user passwords in 'mysql' db. This is the motive that even if create or change password for any user, in 'User accounts' section of phpmyadmin always appears "NO" in PASSWORD COLUMN.
To solve this André Verwijs suggests do this in mysql console:
use mysql;
SELECT user, plugin FROM user;
UPDATE user SET plugin="mysql_native_password";
update user set authentication_string=password('USE-HERE-PASSWORD'), plugin='mysql_native_password' where user='Atmega';
FLUSH PRIVILEGES;
With this phpmyadmin will use plugin "mysql_native_password" for passwords in mysql DB. And now can access to my DB whit correct user and password (or without password).
I want to send form data to a server online.
At the moment i'm using xampp so the username and password are 'root' and ''
If I was to put this online I would have to put my hosting login details. Is that correct?
Clearly that would be a very serious security issue as anybody could see it written in my process file.
I have found a lot of info about prepared statements to prevent SQL injection but nothing about how to hide username/password, which I would have thought would be a bigger thing.
Am I missing something essential about usernames/passwords?
(I am not trying to create user login accounts, just basic newsletter signup)
<?
// database details
$servername = 'localhost';
$username = 'username';
$password = 'password';
$database = 'database';
// form submission
$email=$_POST['email'];
// connect to database
mysql_connect($servername, $username, $password) or die(mysql_error());
mysql_select_db($database) or die(mysql_error());
mysql_query("INSERT INTO newsletter VALUES ('$email')");
Print "Your information has been successfully added to the database.";
mysql_close();
?>
Update:
Ok, so I have since included prepared statements into my code, and it now looks like this:
<?php
// database details
$servername = 'localhost';
$username = 'username';
$password = 'password';
$database = 'database';
// form submission
$email=$_POST['email'];
// Create connection
$conn = new mysqli($servername, $username, $password, $database);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// prepare and bind
$stmt = $conn->prepare("INSERT INTO scenariosubmission (Email) VALUES (?)");
$stmt->bind_param("s", $email);
$stmt->execute();
echo "New records created successfully";
$stmt->close();
$conn->close();
?>
My code should prevent SQL injection
So what I want to know is if I was to enter my username password database and upload this to the server, would those details be safe if I uploaded them like any other web page to public_html?
So when you move this to your hosting, the code will be something like this:
<?
// database details
$servername = 'localhost';
$username = 'your userid with your hosting company';
$password = 'hosting company provided mysql password';
$database = '';
Will that be a big security issue of everyone being able to see your MySQL password?
Not really, because only you and the people working for the hosting company should be able to see the PHP code. And the people working at the hosting company will have the root password to the database anyway, so they could look at what you have in the database without your particular mysql credentials.
But using <? rather than <?php may cause your code to be transmitted instead of run on some server setups. So if you upload it that way, initially some users may end up seeing the passwords you have in the code before you figure it out and fix it.
Another more serious issue than this is if the hosting company has you using phpmyadmin over http rather than https, because every time you login to it your credentials will be transmitted in plain text.
Well there a couple of things in play here.
Since you mentioned SQLi and considering you're using PHP + MySQL, you should look into doing prepared statements, by using the prepare(), bind() and execute() functions.
Second, even before thinking about putting something online or using SQL properly is to change the default username/password.
Now if you want to put your server online, I'm assuming you have a server or the credentials to someplace where you can ran either XAMP or configure its services by hand. Anyway, those credentials are the Database's, which are different from your host server login credentials.
As long as that .php file is properly secured on the server, it's common practice to have the username/password there in the file.
I've created a simple script using PHP and MySQLi. The purpose is to create a new user on a MySQL server, however I get this error message: "user create query failed:Access denied; you need (at least one of) the CREATE USER privilege(s) for this operation."
$db = "xsxx";
$user = $_POST["user"];
$pass = $_POST["pass"];
$con=mysqli_connect('127.0.0.1',"root","",$db);
$cruser= "CREATE USER '".$user."'#'localhost' IDENTIFIED BY '".$pass."';";
#mysqli_query($con, $gruser) or die(mysqli_connect_error());
if(mysql_query($cruser)){
echo 'user created<br/>';
} else{
echo 'user create query failed:'.mysql_error().'<br/>';
}
mysqli_close($con);
Anyone know what I'm doing wrong? If it's important, I'm using XAMPP for the MYSQL server. Thanks in advance.
You are mixing the old and new style mysql calls (mysql vs mysqli).
The mysql_query call you are issuing will use whatever username and password was specified during the mysql_connect call, and importantly, not the username and password you specified in the mysqli_connect call.
If you are not issuing a mysql_connect() yourself (it's not shown in the code you posted) then the mysql_query will call mysql_connect with no arguments which leads to a blank username and password.
By whichever method it's being called, the mysql_connect user does not have the "CREATE USER" privilege and so the error message is generated.
You can use SHOW GRANTS FOR 'someuser'#'localhost'; to check what a user's permissions are.
You can also use the GRANT statement to add additional permissions to users.
An example of adding the create user permission would be:
GRANT CREATE_USER ON *.* TO 'someuser'#'localhost''
One way to resolve the issue, assuming root has all permissions, is to change your mysqli_connect to a mysql_connect such as: mysql_connect('127.0.0.1','root','')
I have website 1 currently uploaded in the web and i have also develop a website 2 running on the localhost for now.. I want to access or get some value from the website 1 database to my website 2..is this possible using php query or javascripting? if not, what approach i need to take? thanks for the help
Yes you can, You have to just pass the parameters of the server details like this example.
<?php
//Connect To Database
$hostname='ukld.db.5510597.hostedresource.com';
$username='myusername';
$password='mypassword';
$dbname='testdb';
//your rest of code
?>
To allow connections from an external IP-address, you will need to do the following as well:
Grant access to a new database
If you want to add a new database called foo for user bar and remote IP 202.54.10.20 then you >need to type the following commands at mysql> prompt:
mysql> CREATE DATABASE foo;
mysql> GRANT ALL ON foo.* TO bar#'202.54.10.20' IDENTIFIED BY 'PASSWORD';
More information
Yes, It's simple.
<?php
$hostname = "remote_host_name";
$database = "remote_database_name";
$username = "database_username";
$password = "database_password";
$con = mysql_connect($hostname, $username, $password);
mysql_select_db($database, $con);
?>
Use this $con as the second parameter while running query.
e.g. mysql_query($query, $con);
Make sure that you have granted the access of server 1 in server 2 mysql database.
I'm working through examples from a book on php/mysql development.
I'm working on a linux/apache environment.
I've set up a database and a user. I attempt to connect with this line of code:
$db_server = mysql_connect($db_hostname, $db_username, $db_password);
I get this error:
Warning: mysql_connect()
[function.mysql-connect]: Access
denied for user 'www-data'#'localhost'
(using password: YES) in
/var/www/hosts/dj/connect.php on line
3 unable to connect to database:
Access denied for user
'www-data'#'localhost' (using
password: YES)
I can only guess what is happening here:
I think www-data is a username for apache. Upon the database connection, the credentials being passed in to mysql are not those of my database user, but rather apache's own credentials. Is that what is happening here?
How do I pass in the credentials I've defined for my user ?
edit:
By the way - I do have credentials in the variables $db_hostname, $db_username, $db_password.
they are passed in by another file using require_once. If that file can't be found, then I get an error. So, I know that my username and password are being used by my script.
Both my scripts can be seen here:
http://pastebin.com/MUneLEib
#
Solved:
Thanks guys.
A couple of you pointed out that I had coded carelessy.
Also, I was particularly pleased by Neo's answer: he told me why the username of the owner of the apache process was being used.
:)
I just looked at your code! The variable with the username is $database_username but
you are using $db_username.. Change your code to:
$db_server = mysql_connect($db_hostname, $database_username, $db_password);
or you could change the line with username with:
$db_username='[your mysql user]';//or the username you created
When you don't pass anything it will be the user mysql assumes but it will not get the password so if you hadn't defined $db_password it would say: (using password:NO)
you set $database_username with you user but you are passing $db_username which is not set so the user is the linux username as default when nothing is passed with the password for the mysql user! Since there is no mysql user with that password or privileges or even with that name you are not given access!
That user is www-data which is as you guessed an apache user assigned to client-side requests!
In your login.php you use the variable $database_username, but in your connection function you use $db_username. Try matching them up.
The username goes into $db_username, and the password goes into $db_password.
All these other answers are so presumptuous, as if you don't know that $db_username means database username and same for password.
The error says that you've specified an username and password. You just specified the wrong ones. You need to use the username and password of MySQL, NOT the system username/password combination, so no, this will not be www-data. This may be root and some password, but again, these credentials are specified within MySQL, and are not (necessarily) the same as the system users and passwords.
Your MySQL installation should have a root user with a default password (which you should promptly change). There are several options: you can add an user via the MySQL command line or use an interface like cPanel or Webmin if your provider has something like this; I've used both of these and they both have easy interfaces to add new MySQL users and assign them privileges.
Also just a tip: I typically create one user per database and give the user full privileges on the database, and then use that user with the application linked to the database.
And then of course, once you create a MySQL user account and give it privileges on your web app's database, fill in that username and password into your script.
<?php
$dbhost = 'localhost';
$dbuser = 'username';
$dbpass = 'password';
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');
?>
Make sure you actually assign your database login username and password to those variables before you try to connect. For example, before the line with mysql_connect():
$db_username = 'myuser';
$db_password = 'mypass123';
I'd recommend you go through a tutorial regarding MySQL and PHP before trying to go any further - just so you understand how it all works.
Try this one:
http://www.tizag.com/mysqlTutorial/mysqlconnection.php
Also, documentation is your friend:
http://php.net/manual/en/function.mysql-connect.php
The error given could mean that the privilege has not been granted, or perhaps the password is incorrect. Check that user is created and granted access, or just issue this to be sure it set to allow access on the mysql server.
$ mysql -u root -p
password:
(blah blah blah from server)
GRANT ALL PRIVILEGES ON db_base.* TO 'db username'#'localhost' IDENTIFIED BY 'some password';
If all privileges is too much, consider giving only the basic permissions needed:
GRANT SELECT,UPDATE,DELETE ON db_base.* TO 'db username'#'localhost' IDENTIFIED BY 'some password';
By the way, the server response to this statement on success is Query OK, 0 rows affected.
Your code is correct, it is saying your password is incorrect so your mysql database is rejecting the mysql connection. If you are using xampp use:
localhost
as hostname &
root
as username & in xampp there is no password so it would be
$password = ""; then $dblink = new mysqli($hostname, $dbuser, $password, $dbname);
so you can set your vars like this
<?php
$hostname = "localhost";
$dbuser = "root";
$password = ""; // means there is no password to the database
$dbname = "test"
?>
Conclusion :
if you get this as your message -
Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'www-data'#'localhost' (using password: YES) in /var/www/hosts/dj/connect.php on line 3 unable to connect to database: Access denied for user 'www-data'#'localhost' (using password: YES)
It means the password you entered is wrong or there is no password.
Stop using mysql_connect()!
You should not use this or other related functions related to this extension.
It's depreciated and removed in PHP 7.0.0 and beyond.
An alternative is using PDO or MySQLi.
Below is an example script for connecting to MySQL using PDO:
<?php
/* Connect to a MySQL database using driver invocation */
/* DSN options:
http://php.net/manual/en/ref.pdo-mysql.connection.php
Error handling options:
http://php.net/manual/en/pdo.error-handling.php
Learn how to secure against SQL injection attacks:
http://php.net/manual/en/pdo.prepared-statements.php
*/
$user = 'myusername';
$pass = 'mypassword';
$host = 'localhost';
$mydb = 'mydatabase';
$dsn = "mysql:dbname=$mydb;host=$host";
try {
$dbh = new PDO($dsn, $user, $pass);
} catch (PDOException $e) {
echo 'Connection failed: ' . $e->getMessage();
}
?>