I don't know much about programming, so I hired someone to create a simple MySQL database with an online form that I can enter information into.
I already setup the MySQL database at my hosting account and gave the programmer the login details as well as an FTP account.
He says he needs my hosting username/password in order to create the database because he needs to use PHPMyadmin to create the tables and test the database.
This seems kinda shady to me. Can't the programmer create the tables using PHP commands alone? I don't want to give out my main username/password to a stranger.
I'm hosted at 1and1.com if that matters any
If you give the MySQL user sufficient database permissions, they can use the CREATE TABLE statement to create the tables without having to use PHPMyadmin. If they don't know how to create tables without using the GUI, then I would be suspicious of their overall database programming abilities as being the lead on your project.
PHP can execute any SQL statement on a MySQL server which it has a valid connection too, including the CREATE TABLE command, however, these will be subject to the "privileges" of the user that PHP used to gain the MySQL connection.
The MySQL user that you provided the login credentials for may not have create table privileges. In this case, PHP could do nothing, as the SQL commands executed would fail.
That said, I don't know why your hosting username/password would be needed to use PHPMyAdmin. Usually a login to PHPMyAdmin is done with the MySQL user, not the hosting user. Though, that user would be subject to the same privilege restrictions, so we're back at part 1:
Does the MySQL user you created for the programmer have create table privileges?
If yes, they should be able to create tables from PHP alone, and if you have PHPMyAdmin installed, they should be able to log in using that same user already (and not your hosting user!)
If no (probably unlikely, though I don't know 1and1), then you will need to provide a MySQL user that does have create table privileges before they can do anything; then see above.
It's possible to submit the necessary CREATE TABLE queries via php to the database, but the developer is likely more familiar with the way PHPMyAdmin displays what is set up on the server.
Sounds viable to me. Technically he can do everything with PHP alone, but it is much much easier to use PHPMyAdmin.
I think you should hire someone you can trust and give them the tools to help them do a good job.
You don't have to give him your user/pass. You can create a new user in PHPMyAdmin, with less privileges. When he finishes installing your database, just delete that user.
Yes, he can create databases using only PHP, but it is slower than just use PHPMyAdmin.
Probably the person you hired is not very skilled in software development and the only way he know for modifying MySQL is using that web interface.
You can do it this way:
http://www.w3schools.com/php/php_mysql_create.asp
<?php
$con = mysql_connect("localhost","peter","abc123");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
// Create database
if (mysql_query("CREATE DATABASE my_db",$con))
{
echo "Database created";
}
else
{
echo "Error creating database: " . mysql_error();
}
// Create table
mysql_select_db("my_db", $con);
$sql = "CREATE TABLE Persons
(
FirstName varchar(15),
LastName varchar(15),
Age int
)";
// Execute query
mysql_query($sql,$con);
mysql_close($con);
?>
I might also create a DBUser that has access to the database and tell him to download a mySQL client (such as HediSQL) to do his database work. Then after they are done, just remove the DBUser (or take away all permissions).
Related
Hey guys the code below is what I am trying to run. I am trying to run a practice MySQL server because I am going to host it on my schools free database which is MySQL
I am using phpmyADMIN but I am a bit confused because yall are saying I am not connecting to MySQL
so what is this code to create a database? Do I need to download MySQL or something? I thought phpmyadmin is the same syntax to create a database/tables/ and values? since I have MySQL turned on?
//creation of database
$sql= 'CREATE DATABASE project';
if(mysql_query($sql,$con)){
echo 'DB created succesfully';
}
else{
echo 'error creating DB' . mysql_errno();
}
PHPMyAdmin is a web-based software program created with PHP to help you administrate MySQL databases. It has its own internally built code to connect to your MySQL databases and perform standard functions such as insert, select, delete, update, etc.
PHPMyAdmin does not really have anything to do with you creating your own PHP program. You will still need to connect to MySQL (as PHPMyAdmin does behind the scenes). You can still use the same code that PHPMyAdmin generates for you for use in your own PHP programs, but you must already be connected to MySQL as a user with valid permissions.
In your PHP code it is important to note that you are using the mysql_* functions which have been deprecated and you should be using the mysqli_* functions instead.
Your code should actually look something like this:
//connect to db
$link = mysqli_connect("localhost","my_user","my_password");
//creation of database
$sql= 'CREATE DATABASE project';
if(mysqli_query($link, $sql)){
echo 'DB created succesfully';
}
else{
echo 'error creating DB' . mysqli_errno();
}
MySQL is the database server you connect to in order to execute queries such as CREATE DATABASE project. phpmyadmin is a PHP-based front end to MySQL to allow easier browsing and manipulation of the database.
Think of text documents on your computer. notes.txt is a text file, but you could open it with any text editor such as Notepad or TextEdit.
Your specific snippet of code is missing the database connection string, so something more appropriate might look like:
$connection = new mysqli('db_host', 'db_user', 'db_pass');
$sql = "CREATE DATABASE project";
$results = mysqli_query($connection, $sql);
//check for errors
Without connecting to the database, your SQL is all just strings of text with no meaning.
I tried a lot hoping to get a good job here
If you are logged into phpmyadmin, then the only code you can execute is just SQL statements. Like: create database my_db1
I am trying to find the SQL command to create a user that can read and write in tables found in one database, but is not allowed to do anything else.
Also if you can recommend other limits I should add to the MySQL user I would appreciate it.
The reason I am asking is because one of my tables was dropped and I have no idea how... I think it's PHP but I am not sure... Maybe someone connected via my SSH... The thing is all my mysql logs are empty and no evidence of a another user trying to do something are to be found in the other logs...
So for now I am assuming there is something wrong with my PHP... This is why I would like to limit it to only adding, removing, and dropping rows and content in the rows... But not more. So that I don't loose my table again or my other DBs.
Create the user using CREATE USER, and specify the privileges using GRANT.
http://dev.mysql.com/doc/refman/5.1/en/grant.html (click here for a list of MySQL privileges)
If you have phpMyAdmin running, the interface will give you a complete set of privileges to check/uncheck :)
For a basic web application, you'll only need SELECT, INSERT, UPDATE and DELETE :)
If you think there was a security issue with your application, check this page to know more.
I am creating an install file for a script I created and will also provide the fields to enter the database details. Anyway, before storing those database details in a config.php file, I'd like to see if they work. What would be the best way to see if the provided details are valid? I thought of running a dummy query and if it's successful then store the details in a file. I don't know what the best query would be? I am using PDO for the whole thing. So, I basically need to check if a database connection succeeded in order to continue.
Could you please tell me your ideas how to verify if everything is alright with the user input? Is my dummy query idea a good way to handle this? If yes, what query should I run? If no, what do you suggest?
Thanks.
If you are using sql server somethig like "select 1" will do the job. I guess many other database engines will support this query too.
The best thing to do would be to issue a series of queries/commands that test every thing you need individually.
Can open connection
Database is there/can be created
User can see data/can construct data
etc..
Then as part of the installation you can tell the user if something isn't right and point them directly at the problem for them to solve. You should do this early in the installation so that you don't have to roll back too much.
Think about the installation experience. What would you want when installing a program. Would you like it to just say
"Error. Can't connect",
or
"Error: Cannot connect to DATABASEX the SERVERY with the USERID_W",
or even better
"Error: Can connect to the DATABASEX the SERVERY with the USERID_W, but table X is missing, have you completed step ABC first?"
Do as much work as you can for the user.
First of all, check if PHP connects to the database correctly (returned values, mysql errors). Then You can use something like SHOW VARIABLES LIKE "%version%" to determine the database engine version, so all functions and methods will work as intended. This way You can also inform Your users, that their db version is to old to be used with Your software.
EDIT
Also, a query of SHOW GRANTS FOR 'user'#'host' is a good idea to check permissions for connected user
Well, you can assume the connection is successful if the connection function returns the expected value without generating any errors/exceptions. Aside from that...
SHOW TABLES FROM $database;
Should show that they have at least basic permissions to the database, but won't indicate if they can create tables and insert data.
After I navigate to my database in C:\ProgramData\MySQL\MySQL Server 5.5\data and delete the folder the tables are still saved somehow. When I try to run my PHP script again I get this error: "Error creating users table: Table 'databaseName.tableName' already exists."
The line of code that triggers that error is this:
mysql_query($createTableQuery) or die('Error creating users table: ' . mysql_error());
In order to fix this problem I have to rename the tables and re-run the script. It is becoming quite cumbersome having to find new table names every time I delete my database while testing my code.
Is anyone aware of a command to delete the tables as well? Or perhaps where the tables are stored on my computer so that I could manually delete them? I'd prefer to stay away from commands and rather know exactly where these tables were stored so that I could find them and delete them.
Are you aware of (?):
DROP TABLE [name];
You should be using drop database
not deleting the files. There may be metadata stored elsewhere.
I'd prefer to stay away from commands
and rather know exactly where these
tables were stored so that I could
find them and delete them.
This is naive way of thinking. Use the public interface (SQL) not the filesystem. What will you do if the storage mechnism changes? There are many storage engines in mysql and they all don't work the same way.
I have a working PHP server. Now I want to use databases (MySQL or something similar). Is it possible to create a database from PHP?
I would like to emphasize that in my case I do not have any user-name and password which I can use to connect to MySQL server. I also do not have a control-panel where I could create a database or a table in an existing database.
ADDED:
I think SQLite is what I need. But if I try to create a new database from PHP I see that PHP tries to create a file in a directory which is different from the directory where my files are supposed to be. Then it reports that it is unable to create the database and I think it is because it tries to create in the directory to which I have no permission to write. Can I force PHP to create SQLite in a specific directory?
I'm assuming you want to create an SQL database without access to a stand-alone database server. You could use SQLite, which is a library that creates a lightweight database in a single file without separate processes.
It's not quite as efficient as a standalone database server, however, so if you need performance, use a proper database server. It's not an unreasonable requirement for a high-performance web app.
Mysql,no. SqlLite is a possibility, you only need write permissions on the filesystem.
www.sqlite.org/
I would like to emphasize that in my
case I do not have any user-name and
password to which I can use to connect
to MySQL server. I also do not have a
control-panel where I could create a
database or a table in an existing
database.
This question is confusing to me, because if you're using MySQL you should be able to create a database, with a username and password to connect, using their command line admin tool. That's also the way to create a database or a table as well.
Are you saying you don't have access to the admin tool? You don't have an account? If so, you'll need to ask for them from the person who does have such access.
An option is to set up an SQLite database in a directory outside of your htdocs folder. This is so people can't type in the name of the database file and download the entire database, severely compromising security.
If you are so inclined, you can even set up a layer of abstraction between PHP and the DBMS using PDO. Then, in order to create the database object, you would specify a DSN specific to SQLite write something like this:
$pdo_obj = new PDO('sqlite:/path/to/my_database.sqlite3');
and then query it like a normal PDO object using the PDO functions.
This method would better allow for easier migration to using a client-server DBMS once you can get one set up; it would just be a matter of copying the table structure and data over to the new database, and changing the DSN to something appropriate.
Creating a database through PHP is possible, but for that you need a connection to the database, which needs a username/password pair or some kind of authentication. Unless your database allows anonym logins or something similar, it's not possible.
Yes, just fire a create database sql query from PHP
http://dev.mysql.com/doc/refman/5.0/en/create-database.html