(PHP 4, PHP 5)
mysql_connect — Öffnet eine Verbindung zu einem MySQL-Server
Rückgabewert: Eine MySQL Verbindungs-Kennung im Erfolgsfall oder FALSE im Fehlerfall.
mysql_connect() öffnet eine Verbindung zu einem MySQL Server. Für fehlende optionale Parameter werden folgende Standardwerte angenommen: Server = 'localhost:3306', Benutzername = Name des Benutzers dem der Server-Prozess gehört und Benutzerkennwort = leeres Kennwort.
Der Parameter Server kann zudem die Portnummer enthalten, z.B. "hostname:port" oder den Pfad zu einem lokalen Socket z.B. ":/pfad/zum/socket" für Zugriffe auf dem lokalen Rechner (localhost).
Hinweis:
Immer, wenn Sie als Server "localhost" oder "localhost:port" angeben, wird die MySQL Client Bibiliothek diese Angabe überschreiben und versuchen eine Verbindung zu einem lokalen Socket (named pipe für Windows) aufzubauen. Wenn Sie TCP/IP benutzen wollen, müssen Sie die Angabe "127.0.0.1" statt "localhost" benutzen. Falls die MySQL client Bibliothek versucht die Verbindung zu einem falschen Socket aufzubauen, sollten Sie den korrekten Pfad als mysql_default_host in Ihrer PHP Konfiguration angeben und die Angabe für Server leer lassen.
Unterstützung für ":port" wurde in PHP PHP 3.0B4 hinzugefügt.
Unterstützung für ":/pfad/zum/socket" wurde in PHP 3.0.10 hinzugefügt.
Eine Fehlermeldung beim Verbindungsaufbau kann unterdrückt werden, wenn dem Funktionsnamen ein @ voran gestellt wird.
Für den Fall, dass ein zweiter Aufruf von mysql_connect() mit den gleichen Argumenten erfolgt, wird keine neue Verbindung aufgebaut, sondern die Verbindungs-Kennung der schon bestehenden Verbindung zurückgeliefert. Der Parameter neue_Verbindung beeinflusst dieses Verhalten und mysql_connect() öffnet immer eine neue Verbindung, sogar dann, wenn mysql_connect() zu einem früheren Zeitpunkt mit den gleichen Parametern aufgerufen wurde. Der Parameter client_flags kann eine Kombination der Konstanten MYSQL_CLIENT_COMPRESS, MYSQL_CLIENT_IGNORE_SPACE oder MYSQL_CLIENT_INTERACTIVE sein.
Hinweis:
Der Parameter neue_Verbindung steht seit PHP 4.2.0 zur Verfügung.
Der Parameter client_flags steht seit PHP 4.3.0 zur Verfügung.
Die Verbindung zum Datenbank-Server wird geschlossen, sobald die Ausführung des PHP-Skripts beendet ist oder vorher explizit die Funktion mysql_close() aufgerufen wird.
Beispiel #1 Verbindung zum Datenbanksserver öffnen
<?php
$link = mysql_connect('localhost', 'mysql_user', 'mysql_password');
if (!$link) {
die('keine Verbindung möglich: ' . mysql_error());
}
echo 'Verbindung erfolgreich';
mysql_close($link);
?>
Siehe auch mysql_pconnect() und mysql_close().
MySQL connection string regexp:
~mysql://([^:@/]*):?([^@/]*)@?([^/]*)/?([^/]*)~
here my class connection. i created to help my work.
<?php
class DBConfig {
var $host;
var $user;
var $pass;
var $db;
var $db_link;
var $conn = false;
var $persistant = false;
public $error = false;
public function config(){ // class config
$this->error = true;
$this->persistant = false;
}
function conn($host='localhost',$user='root',$pass='pass',$db='database'){ // connection function
$this->host = $host;
$this->user = $user;
$this->pass = $pass;
$this->db = $db;
// Establish the connection.
if ($this->persistant)
$this->db_link = mysql_pconnect($this->host, $this->user, $this->pass, true);
else
$this->db_link = mysql_connect($this->host, $this->user, $this->pass, true);
if (!$this->db_link) {
if ($this->error) {
$this->error($type=1);
}
return false;
}
else {
if (empty($db)) {
if ($this->error) {
$this->error($type=2);
}
}
else {
$db = mysql_select_db($this->db, $this->db_link); // select db
if (!$db) {
if ($this->error) {
$this->error($type=2);
}
return false;
}
$this -> conn = true;
}
return $this->db_link;
}
}
function close() { // close connection
if ($this -> conn){ // check connection
if ($this->persistant) {
$this -> conn = false;
}
else {
mysql_close($this->db_link);
$this -> conn = false;
}
}
else {
if ($this->error) {
return $this->error($type=4);
}
}
}
public function error($type=''){ //Choose error type
if (empty($type)) {
return false;
}
else {
if ($type==1)
echo "<strong>Database could not connect</strong> ";
else if ($type==2)
echo "<strong>mysql error</strong> " . mysql_error();
else if ($type==3)
echo "<strong>error </strong>, Proses has been stopped";
else
echo "<strong>error </strong>, no connection !!!";
}
}
}
// example to use
$DB = new DBConfig();
$DB -> config();
$DB -> conn();
// mysql command
// mysql_query and others..
$DB -> close();
?>
Whenever you open two connections to a single database,
you are likely not to get any error when selecting not existing db.
<?php
$db1 = mysql_connect( ... );
mysql_select_db('existing_db',$db1);
$db2 = mysql_connect( ... );
mysql_select_db('not_existing_db', $db2);
mysql_query(... , $db2);
//will return no errors and the query wouldn't be executed.
?>
Pay attention and you may save few hours of debugging.
TA point to especially note from the above documentation is that the mysql client library has special behavior around "localhost", in that it will use a socket file instead of TCP/IP. Socket files, while faster, only work if the php script is on the same machine as the database.
I found this difficult to overcome when I split off a database server from a server that had a handful of hosted clients all referencing "localhost". After significant effort, and failing with my knowledge of socat and autossh tunnelling as mentioned as a workaround to setup a forward from the socket file to TCP/IP in a mysql forum. I finally resorted to using DNS to reference the DB and no longer provide "localhost". It was a pain to update clients, but live and learn.
I tend to work in distributed environments, and now make it a sort of rule of thumb/best practice to use DNS instead of hard coding "localhost" or "x.x.x.x".
Hope this helps others out there.
Chris Page
Note that named pipe on Windows is unusable since PHP 5.3, and TCP connection shall be used even in localhost.
If you are getting an error "Can't assign requested address" you may have a problem with the mysql port. I had just moved my server to Mac OS X 10.6 and mysql_connect was giving this error. Going into the /etc/php.ini file and setting the default port number to 3306 fixed the problem.
mysql.default_port = 3306
The php.ini file suggests that PHP will select the port by using the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services, but in this case it is not so. /etc/services on my machine has 3306 listed, but it didn't get picked up.
This is sort of a bug report, in that the documented feature isn't working. Please don't delete this until the community decides how to address the problem. This is one of those hair pulling exercises to get fixed.
On Windows Vista or above, an entry in the Windows/System32/drivers/etc/hosts file causes mysql_connect() connections to "localhost" to timeout and never connect. This happens on php 5.3 and above since it now uses mysql native driver which has changed it connection behavior compared to libmysql.dll in previous versions. It is not a PHP bug, but definitely a configuration issue for users on new windows systems.
To get around this, you must remove the entry like this:
::1 localhost
and make sure you still have:
127.0.0.1 localhost
Also, you could change the code to connect to the ip instead, but that is inconvenient if you have many web sites.
This issue occurs on Windows Vista, Windows 7 and Windows Server 2008.
If you are getting MySQL Errors like #2006: MySQL server has gone away, and you are using mysql_connect() and pcntl_fork() then make shure that you are reconnecting to the mysql server with each created child which you fork()ed.
I pulled my hair out for many days because i was using the same mysql connection for each child and was getting that "MySQL server has gone away" errors.
Here is a simple example:
<?php
$link = mysql_connect($db_server, $db_user, $db_pass);
mysql_select_db($db_database,$link));
$pid = pcntl_fork();
if ($pid == -1)
// Error forking child
elseif ($pid) {
// Parent will be here
} else {
// The child has to esablish a *new* mysql connection.
// if you use mysql_connect without the 4th parameter
// then it will use the connection from the parent. But
// if the child dies, the connection will be unaviable in
// the parent too.
// So, note the "true" as 4th parameter.
$newlink = mysql_connect($db_server, $db_user, $db_pass,true);
mysql_select_db($db_database,$newlink));
// ...
}
?>
Here is a connection class I created for one of my websites for a MYSQL connection. Feel free to use it on one of your applications anyone! It's MYSQL with OOP in mind and works similar to ASP.net methods for connecting to a database. The benefit of this class is easy management of multiple MYSQL connections.
The class:
<?php
class Connection
{
var $db_connection = null; // Database connection string
var $db_server = null; // Database server
var $db_database = null; // The database being connected to
var $db_username = null; // The database username
var $db_password = null; // The database password
var $CONNECTED = false; // Determines if connection is established
/** NewConnection Method
* This method establishes a new connection to the database. */
public function NewConnection($server, $database, $username, $password)
{
// Assign variables
global $db_connection, $db_server, $db_database, $db_username, $db_password;
$db_server = $server;
$db_database = $database;
$db_username = $username;
$db_password = $password;
// Attempt connection
try
{
// Create connection to MYSQL database
// Fourth true parameter will allow for multiple connections to be made
$db_connection = mysql_connect ($server, $username, $password, true);
mysql_select_db ($database);
if (!$db_connection)
{
throw new Exception('MySQL Connection Database Error: ' . mysql_error());
}
else
{
$CONNECTED = true;
}
}
catch (Exception $e)
{
echo $e->getMessage();
}
}
/** Open Method
* This method opens the database connection (only call if closed!) */
public function Open()
{
global $db_connection, $db_server, $db_database, $db_username, $db_password, $CONNECTED;
if (!$CONNECTED)
{
try
{
$db_connection = mysql_connect ($db_server, $db_username, $db_password);
mysql_select_db ($db_database);
if (!$db_connection)
{
throw new Exception('MySQL Connection Database Error: ' . mysql_error());
}
else
{
$CONNECTED = true;
}
}
catch (Exception $e)
{
echo $e->GetMessage();
}
}
else
{
return "Error: No connection has been established to the database. Cannot open connection.";
}
}
/** Close Method
* This method closes the connection to the MySQL Database */
public function Close()
{
global $db_connection, $CONNECTED;
if ($CONNECTED)
{
mysql_close($db_connection);
$CONNECTED = false;
}
else
{
return "Error: No connection has been established to the database. Cannot close connection.";
}
}
}
?>
Hopefully this saves someone some grief.
My dev computer is windows and runs wampserver. I have frequent problems with PHP being unable to connect to MySQL after periods of extreme DB activity.
Long story short, it was because I was not running mysql via named-pipes and Windows was running out of available ports to serve PHP. Apparently, on windows, you have 5000 ports to work with and once they are opened, they remain so for 120 seconds before being released. This causes problems with mysql/networking because a new port is requested for each connection.
You can read more about the problem at:
(Link too long and had to be broken up)
http://dev.mysql.com/doc/refman/5.0/en
/can-not-connect-to-server.html#can-not-connect-to-server-on-windows
?>
Since mysql is on localhost, I can just enable named-pipes (which is how you should have mysql setup if you don't need networking) to get around the problem instead of the workaround listed on that page.
For details, see:
http://dev.mysql.com/tech-resources
/articles/securing_mysql_windows.html
When you connect and expect to use a stored procedure,you must pass a special flag to MySQL via the connect command, otherwise you will not get the results returned, and it will result in this error:
PROCEDURE AlexGrim.GetStats_ForumCategories can't return a result set in the given context
To fix this, change you connection string, adding ",false,65536" as the last 2 fields:
$this->con = mysql_connect($this->h,$this->u,$this->p,false,65536);
If you trying to connect to a remote server, here are a few things that can go wrong. Perhaps this list will save someone some time:
1. You may need to get in touch with the remote server's tech support:
a. to ensure that you can get through its firewall. It is not necessarily enough to have your server number listed in the recipient site's cpanel remote access host list. It depends on how the server company has things set up;
b. to find out what port number they are using for database connections, which may not be the default used by mysql_connect;
c. If you are using ODBC, the host to which you are trying to connect may or may not have any ODBC drivers installed; and
d. If you are working from a dynamic IP, they may be set up to accommodate it, or you may have to use a proxy. See http://forge.mysql.com/wiki/MySQL_Proxy .
2. If you are working from a shared server yourself, the server number you were sent in the sign-up letter is probably NOT the server number you should be using to connect to a remote database. You need the server number of the machine on which your site is sitting, not your virtual account server number on that machine. You can get this from your own tech support.
I am grateful to Jonathan Jones at Bluehost for this analysis.
I just wanted to share a common wrapper that I use for executing one line SQL statements. Its an easy wrapper to use that takes care of the connection open/close. Optionally, the mysql_connect can be replaced with mysql_pconnect for persistent connections.
function executeQuery( $query, $db, $nocon )
{
if( $nocon != "nocon" )
if( $db != "" ) connect( $db );
else connect( "pascal_crm" );
$result= mysql_query( $query );
$err = mysql_error();
if( $err != "" ) echo "error=$err ";
if( $nocon != "nocon" )
mysql_close();
return $result;
}
Here's a related mysql_pconnect trivia question:
http://www.codesplunk.com/nr/questions/php17.html
Coderlit and angelo,
this may be the solution:
<?php
if (!isset($g_link)) {
$g_link = false;
}
function GetMyConnection()
{
global $g_link;
if( $g_link )
return $g_link;
$g_link = mysql_connect( 'localhost', 'dbuser', 'dbpass') or die('Could not connect to mysql server.' );
mysql_select_db('wordpress', $g_link) or die('Could not select database.');
return $g_link;
}
function CleanUpDB()
{
global $g_link;
if( $g_link != false )
mysql_close($g_link);
$g_link = false;
}
?>
The note from angelo [at] mandato <dot> com is a good way to reuse the msyql connection, like mysql connection pooling.
However, you need to remove the $g_link = false; in the file. Other wise, everytime you include this file, the mysql connection is set to false, and you have to call the mysql_connect again to connect to the sql server, even though you may have already have live mysql connection ready for use.
<?php
//need to remove this line to resue the connection resource
$g_link = false;
function GetMyConnection()
{
global $g_link;
if( $g_link )
return $g_link;
$g_link = mysql_connect( 'localhost', 'dbuser', 'dbpass') or die('Could not connect to mysql server.' );
mysql_select_db('wordpress', $g_link) or die('Could not select database.');
return $g_link;
}
function CleanUpDB()
{
global $g_link;
if( $g_link != false )
mysql_close($g_link);
$g_link = false;
}
?>
If you are trying to open multiple, separate MySQL connections with the same MySQL user, password, and hostname, you must set $new_link = TRUE to prevent mysql_connect from using an existing connection.
For example, you are opening two separate connections to two different databases (but on the same host, and with the same user and password):
$db1 = mysql_connect($dbhost, $dbuser, $dbpass);
$rv = mysql_select_db($dbname1, $db1);
$db2 = mysql_connect($dbhost, $dbuser, $dbpass);
$rv = mysql_select_db($dbname2, $db2);
At this point, both $db1 and $db2 will have selected the database named by $dbname2.
The workaround is to require that the second MySQL connection is new:
$db1 = mysql_connect($dbhost, $dbuser, $dbpass);
$rv = mysql_select_db($dbname1, $db1);
$db2 = mysql_connect($dbhost, $dbuser, $dbpass, TRUE);
$rv = mysql_select_db($dbname2, $db2);
Now, $db1 should have selected $dbname1, and $db2 should have selected $dbname2.
This has been documented on the mysql_select_db page as well.
Note: This occurs only when the server, username, and password parameters are identical for each mysql_connect statement.
Recently, I saw an obscure problem where I could connect to MySQL from the PHP via Apache and MySQL via the MySQL console, and could not connect via the PHP-CLI. This was in Windows (XP). I usually use MySQLi extension, but also tried MySQL, and both refused to work.
I restarted the service multiple times, and the PHP-CLI still would not connect.
This eventually cleared up.
I made sure to stop the service. Then, I downloaded a zipped binary-package from dev.mysql.com and started the server a few times from the commandline (mysqld/mysqld-nt, where mysqld-nt is tuned specifically for Windows) and stopped it ("mysqladmin shutdown"). I was then able to successfully connect from the PHP-CLI ("php -r "mysql_connect('localhost', 'root', ''); ").
Making sure it was stopped, I started the regular server from the commandline, and that was then successful. I then stopped it and started it via the Services panel, and everything still worked.
I'm assuming that when the service was restarted initially, there was a component that had died and refused to be shutdown even though the service appeared to be stopped, but shutting it down via mysqladmin killed everything entirely.
[EDIT by danbrown AT php DOT net: The issue this user is illustrating is a common problem when dealing with multiple databases from PHP. Note his comments at the end of the code for an explanation.]
Looks like I learned this the hard way:
<?php
//establish connection to master db server
mysql_connect (DB_HOST, DB_USER, DB_PASSWORD);
mysql_select_db (DB_NAME);
//establish connection to read-only slave cluster
$objMySQL_Read = mysql_connect (SLAVE_DB_HOST, SLAVE_DB_USER, SLAVE_DB_PASSWORD);
mysql_select_db (DB_NAME, $objMySQL_Read);
$strSQL = "SELECT col1,col2 FROM " . DB_NAME . "." . "tbl1 WHERE 1=1";
$objRS = mysql_query ($strSQL, $objMySQL_Read); //returns data from slaves
$strSQL = "INSERT INTO " . DB_NAME . "." . "tbl1 (col1,col2) VALUES (val1,val2)";
mysql_query ($strSQL);
//expected behavior, to insert the last statement into the master db, since it doesn't reference the read-only resource explicitly. instead, it inserts the record into the last connection, even though it shouldn't, since the last connection is not a global/anonymous connection like the first one, it's $objMySQL_Read.
//you'll get out of sync db's across your cluster unless you explicitly define all connection resources
?>
The too many connections issue can be due to several problems.
1. you are using pconnect. This can tie up many connections and is not really needed for MySQL as new connections are really fast.
2. Apache children are hanging around for too long - combine this with pconnect and you have recipe for disaster.
Suggestions: reduce the amount of time apache child processes stay connected to the client and how many connections before they are killed off. And don't use pconnect.
Sometimes, I want that MySQL service start automatically when my app need it. This is specially true if you work in a development PC and/or in an small intranet environment.
You can do something like this: if the mysql_connect() function returns FALSE, try to force the initialization of the MySQL service!
For example, under Windows:
<?php
$link = @mysql_connect($server,$user,$pass);
if (empty($link)){
@exec("%SystemRoot%\\system32\\net.exe start mysql");
sleep(5);
$link = @mysql_connect($servidor,$usuario,$clave);
}
?>
In Linux of course you can try "/etc/init.d/mysqld start" but you will need special permissions.
Regards.
The use of mysql connections can become tricky with objects. I am using mysql_connect() in a database class I wrote and the class destructor calls mysql_close. Because I have several of these database objects, mysql_connect reuses existing connections. This is fine except when the script reaches the end of execution and PHP's garabage collection calls all the objects' __destruct() functions. mysql_close() throws a warning that the connection is invalid, in my case for one object. This is happening with objects which use an existing connection, as the connection has already been closed. I solved the problem by forcing mysql_connect() to create a new connection each time. This is not efficient but is sufficient for my purposes for now.
I wouldn't say this is a bug per-se, but it's something to look out for. I imagine using mysqli is the ultimate solution...
All constants from MySQL source:
#define CLIENT_LONG_PASSWORD 1 /* new more secure passwords */
#define CLIENT_FOUND_ROWS 2 /* Found instead of affected rows */
#define CLIENT_LONG_FLAG 4 /* Get all column flags */
#define CLIENT_CONNECT_WITH_DB 8 /* One can specify db on connect */
#define CLIENT_NO_SCHEMA 16 /* Don't allow database.table.column */
#define CLIENT_COMPRESS 32 /* Can use compression protocol */
#define CLIENT_ODBC 64 /* Odbc client */
#define CLIENT_LOCAL_FILES 128 /* Can use LOAD DATA LOCAL */
#define CLIENT_IGNORE_SPACE 256 /* Ignore spaces before '(' */
#define CLIENT_PROTOCOL_41 512 /* New 4.1 protocol */
#define CLIENT_INTERACTIVE 1024 /* This is an interactive client */
#define CLIENT_SSL 2048 /* Switch to SSL after handshake */
#define CLIENT_IGNORE_SIGPIPE 4096 /* IGNORE sigpipes */
#define CLIENT_TRANSACTIONS 8192 /* Client knows about transactions */
#define CLIENT_RESERVED 16384 /* Old flag for 4.1 protocol */
#define CLIENT_SECURE_CONNECTION 32768 /* New 4.1 authentication */
#define CLIENT_MULTI_STATEMENTS 65536 /* Enable/disable multi-stmt support */
#define CLIENT_MULTI_RESULTS 131072 /* Enable/disable multi-results */
#define CLIENT_REMEMBER_OPTIONS (((ulong) 1) << 31)
if between first and second call with same arguments there was another call with another argument, initial connection link is not reused, but new connection is created instead, regardless of new_link argument.
for example, here only one single link will be opened and then reused:
<?php
$link1 = mysql_connect("localhost");
$link2 = mysql_connect("localhost");
?>
and here _three_ separate links will be opened:
<?php
$link1 = mysql_connect("localhost");
$link3 = mysql_connect("127.0.0.1");
$link2 = mysql_connect("localhost");
?>
so if you wanted to switch between connections just by call to mysql_connect, and rely on its internal link caching, you can be wasting your database connections.
The post from 'Graham_Rule at ed dot ac dot uk' should include the following WARNING:
WARING: THE VALUES OF THESE DIRECTIVES WILL BE EXPOSED IF ANY OF THE CODE INCLUDES THE phpinfo() FUNCTION.
The phpinfo() function will print these values clear as day. I highly suggest against this method of storing MySQL authentication information.
I recommend creating connect and cleanup functions in a separate include file. If security is a concern, locate the include file outside of your web root folder.
<?php
$g_link = false;
function GetMyConnection()
{
global $g_link;
if( $g_link )
return $g_link;
$g_link = mysql_connect( 'host.name', 'user', 'password') or die('Could not connect to server.' );
mysql_select_db('database_name', $g_link) or die('Could not select database.');
return $g_link;
}
function CleanUpDB()
{
global $g_link;
if( $g_link != false )
mysql_close($g_link);
$g_link = false;
}
?>
Simply include your connnection.php file in your script and anywhere you use the mysql_query() function include a call to the GetMyConnection() function.
<?php
$res = mysql_query("SELECT ...", GetMyConnection() );
?>
In case anyone else is getting "Client does not support authentication protocol requested by server; consider upgrading MySQL client" error. The problem is the new password hashing method used by MySQL >= 4.1 mentioned below.
Either update your PHP to v5 where the new password hashing is supported or use old_password() in MySQL 4.1.
FROM: http://www.digitalpeer.com/id/mysql
UPDATE mysql.user SET password=old_password("youroldhashpassword") WHERE user ='youruserid' and host ='yourhost'
then do
FLUSH PRIVILEGES
How to get at multiple MySQL databases from PHP while continuing to hide the user credentials in Apache configuration files.
(This builds on my solution to the problem of hiding such credentials that I posted in May 2003 at http://uk2.php.net/manual/en/function.mysql-connect.php#32035)
<Directory /var/www/html/multidatabase>
php_value mysql.default_user "username1 username2"
php_value mysql.default_password "secret private"
php_value mysql.default_host "localhost server.example.com"
</Directory>
Note that the quotes are necessary to prevent the parser complaining about seeing too many parameters for php_value.
Given this setup in Apache, our script can fetch the composite value
$hostnames = @ini_get('mysql.default_host'); Split it into its component parts
$hostnames = preg_split("/[\s]+/", $hostnames); Then use the values in this array as if we had hard-coded:
$hostnames[0] = "localhost";
$hostnames[1] = "server.example.com"
Similar code may be written to fetch the usernames and passwords.
(One 'gotcha' with the mysql_error() function is that it will not give a sensible error report if there is a failure to open a second or subsequent connection. It uses the last successfully opened connection as the basis for its message!)
The addition of entries to httpd.conf to stop .inc files being served by Apache is certainly useful and to be recommended.
But it doesn't change the fact that these files have to be readable by Apache so that the PHP processor can get at them.
As long as your don't have multiple, possibly untrusted, users on your machine then that's OK. But when you are running a large multi-user service with thousands of users its always possible that one of them will look at your .inc files and take a note of the passwords you have in them. They could even copy them into their own scripts and modify your databases!
Even if local users are trusted, there is always the possibility of a rogue script (PHP or some nastier language) being installed by an ignorant user. That script might then read your .inc files (whether or not they are in the web publishing tree) and expose your password.
If you prefer to use a hostname instead of an ip on your connection string in a script (to be able to change the ip at will), but don't want the overhead of dns lookups, just add it to your /etc/hosts file (in windows: %WINDIR%/system32/drivers/etc/hosts).
For example, add the following to your hosts file (changing the bogus ip to your server's real ip):
123.123.123.123 mysqlserver1
Note: On linux, make sure you have "order: hosts,bind" on your /etc/host.conf file.
On a script, make the mysql connection like so:
<?
$sid = mysql_connect ("mysqlserver1", "user", "pass");
?>
Note: this sample is in php, but it can be any other programming language (just type "ping mysqlserver1" on a prompt, on your server)
And there you have it! If your server ever gets assigned a different ip, just update the hosts file with the new one (every script will work as-is, even if under different hostnames).
Ever wonder what "default username" is?
<?php
$link = mysql_connect() or die(mysql_error());
$result = mysql_query("SELECT SESSION_USER(), CURRENT_USER();");
$row = mysql_fetch_row($result);
echo "SESSION USER: ", $row[0], "<br>\n";
echo "CURRENT USER: ", $row[1], "<br>\n";
?>
Both are ODBC@localhost in my win2k install, so my advice for windows is:
- create a MySQL user named ODBC with no password
- add localhost to ODBC user [right-click ODBC]
- set schema previleges to ODBC@localhost
- use mysql_connect() with no parms, or do not use ;)
This turns to work also with odbc_connect:
odbc_connect("myDSN", "", "")
PHP (5.1.2) stores connections according to script name and remote host, apparently. If the same script is requested by the same browser in two different tabs (Firefox for this test) and requests a non-persistent connection using the same user and password, the connection will be shared.
Ran into this while testing a script for concurrent usage using "LOCK TABLES" queries... and found that one tab's script was blocking until the other finished. No blocking occurred when different machines loaded the same script at the same time. Very interesting.
connect to mysql via named pipe under windows :
in my.ini, add this:
[mysqld]
enable-named-pipe
then connect to the server, then connect to mysql using
mysql_connect('.')
A description about the problem with the password hashing and how to adress them can be found at http://dev.mysql.com/doc/mysql/en/Password_hashing.html
In MySQL4.1 and later, the default password hashing format has changed making it incompatible with 3.x clients.
I found out mysql_connect() works on server versions >= 4.1 when your MySQL user password is blank because password authentication isn't done in that case, otherwise you need to use another connection method (e.g. mysqli).
Also if you are using old MySQL tables on a new server (i.e. the passwords are stored in the old format), then the server will use the old auth method automatically and this function should work in all cases.
Hopefully this will help someone, it had me confused for a while because some of the users on my 4.1 server could connect and some couldn't.
to use load data local infile function from mysql (at mysql 4.0.16, php 4.3.3), set fifth parameter of mysql_connect() to CLIENT_LOCAL_FILES(128), which based on MYSQL C API ( also mysql server support load file, check by "show variables like 'local_infile' ")
Thank 'phpweb at eden2 dot com' to point this out
client_flags can be things other than MYSQL_CLIENT_COMPRESS, MYSQL_CLIENT_IGNORE_SPACE and MYSQL_CLIENT_INTERACTIVE.
I presume that mysql_connect() just passes through to the C MySQL API, which provides these constants:
#define CLIENT_LONG_PASSWORD 1 /* new more secure passwords */
#define CLIENT_FOUND_ROWS 2 /* Found instead of affected rows */
#define CLIENT_LONG_FLAG 4 /* Get all column flags */
#define CLIENT_CONNECT_WITH_DB 8 /* One can specify db on connect */
#define CLIENT_NO_SCHEMA 16 /* Don't allow database.table.column */
#define CLIENT_COMPRESS 32 /* Can use compression protocol */
#define CLIENT_ODBC 64 /* Odbc client */
#define CLIENT_LOCAL_FILES 128 /* Can use LOAD DATA LOCAL */
#define CLIENT_IGNORE_SPACE 256 /* Ignore spaces before '(' */
#define CLIENT_CHANGE_USER 512 /* Support the mysql_change_user() */
#define CLIENT_INTERACTIVE 1024 /* This is an interactive client */
#define CLIENT_SSL 2048 /* Switch to SSL after handshake */
#define CLIENT_IGNORE_SIGPIPE 4096 /* IGNORE sigpipes */
#define CLIENT_TRANSACTIONS 8192 /* Client knows about transactions */
Not all of these may work or be meaningful, but CLIENT_FOUND_ROWS does, at least.
Another solution to the security problems of putting usernames and passwords into scripts. I haven't found this documented anywhere else so thought I'd suggest it for the online documentation. ........
Don't put passwords for mysql into scripts which may be read by any user on the machine. Instead put them into an Apache configuration file and make sure that it is not world-readable. (Apache reads its main config files as root.)
For example, add this to your httpd.conf (and chmod it to 600 or 660) then tell your apache to reload itself (apachectl graceful).
<Directory /var/www/html/mydatabase>
php_value mysql.default_user fred
php_value mysql.default_password secret
php_value mysql.default_host server.example.com
</Directory>
Then all you need in your PHP code is
$handle = mysql_connect() or die(mysql_error());
The passwords etc will only be picked up by scripts running in the named directory (or a sub-directory). The same may be done for virtualhosts etc.
If you don't want to keep reloading your Apache server then you ay test things putting the php_value directives into a (world readable) .htaccess file. (Clearly not for production use.)
If you need to debug the values that are being supplied (or not) then use this snippet:
@syslog(LOG_DEBUG, "Using user=".ini_get("mysql.default_user").
" pass=".ini_get("mysql.default_password").
" host=".ini_get("mysql.default_host"));
(This assumes that you are not running in 'safe_mode' and that you are on a unix of some sort.)
Just in case you didn't know. You can use mysql_connect in a function to connect to a database and the connection is a super-global... meaning you can use mysql_query in other functions or in no function at all and PHP will use the connection that you opened. This is a handy bit of knowledge that helps if you have a large site with lots of scripts. If you create one function to connect to a db, and call that function in all your scripts, it makes for easier code maintenance since you only have to update one line of code to change your mysql connection instead of updating all your scripts individually.