Welcome to WebmasterWorld Guest from 35.170.81.210

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

testing mySQL and PHP problem on localhost

database won't show when there is a root password

     
3:36 am on Mar 14, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:June 17, 2003
posts:107
votes: 0


Hello,

I have setup mySQL and PHP with apache2 on my home Windows XP computer.

When I have no password on my root <default user> the following test.php script will display the database. But if I have a password for my root it won't allow the test.php script to access the database in the c:/mysql/data folder.

<html>
<body>
<?php
$db = mysql_connect("localhost", "root");

mysql_select_db("mydb",$db);

$result = mysql_query("SELECT * FROM employees",$db);

printf("First Name: %s<br>\n", mysql_result($result,0,"first"));

printf("Last Name: %s<br>\n", mysql_result($result,0,"last"));

printf("Address: %s<br>\n", mysql_result($result,0,"address"));

printf("Position: %s<br>\n", mysql_result($result,0,"position"));

?>

</body>
</html>

Every bit of documentation I read tells me I need a password for my root user. But if I have a password setup, testing with my database is not possible/accessible.

Does anyone know how I could approach this password/testing mysql database conflict?

5:03 pm on Mar 14, 2004 (gmt 0)

Administrator

WebmasterWorld Administrator jatar_k is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:July 24, 2001
posts:15756
votes: 0


When you add the root password did you also add it to

$db = mysql_connect("localhost", "root");

like so

$db = mysql_connect("localhost", "root", "password");

Also what error does it return when you try and connect once you set the password?

6:52 pm on Mar 14, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:June 17, 2003
posts:107
votes: 0


Jatar_K

This is the original error message:

Warning: mysql_connect() [function.mysql-connect]: Access denied for user: 'root@localhost' (Using password: NO) in C:\Program Files\Apache Group\Apache2\htdocs\testmydb.php on line 13

I tried the following you suggested:

$db = mysql_connect("localhost", "root", "password");

But when I did the above (with "password") it returned a different error:

Warning: mysql_connect() [function.mysql-connect]: Access denied for user: 'root@localhost' (Using password: YES) in C:\Program Files\Apache Group\Apache2\htdocs\testmydb.php on line 13

p.s. Was I supposed to replace password with my actual password? Or am I way off?

6:54 pm on Mar 14, 2004 (gmt 0)

Administrator

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:July 31, 2003
posts:12555
votes: 3


What version of MySQL did you install?
If it was 4.1, have a look at msg #9 regarding Mysql - 3.23 or 4.1 [webmasterworld.com].

p.s. Was I supposed to replace password with my actual password? Or am I way off?

You are right on. The answer is Yes, replace it with your actual password.

7:54 pm on Mar 14, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:June 17, 2003
posts:107
votes: 0


I have mySQL version 4.0.18

&

It worked when I used the actual password.

Thanks for your help....

Curious though, is there any security risks with using my password like that?

~Shane

8:22 pm on Mar 14, 2004 (gmt 0)

Administrator

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:July 31, 2003
posts:12555
votes: 3


A side note:
------------
MySQL's grant tables are refreshed differently depending how you changed privileges [mysql.com], but I try to make it a habit to FLUSH PRIVILEGES after changing passwords. Either that, or stop and restart the MySQL server daemon -- just to make sure.


Are there any security risks? You mean storing the connection information, including the password in a PHP script? Absolutely. But in order to connect to the database, it has to be this way. You can control this by storing the connection script off the document root and use PHP's include [php.net] function when connecting to the database.

The latter half of this thread addresses the question,
How would one best go about storing scripts off the document root? [webmasterworld.com]
(starting at the second question in msg #7) may help.

12:44 am on Mar 15, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:June 17, 2003
posts:107
votes: 0


coopster,

I read your suggested thread on storing scripts above the root folder. Currently, my htdocs folder is my document root. However, i still do not understand how to separate the scripts from the doc root and make it work.

I know I probably have to tell the scripts where to find the includes but then how is a test.php (with the password) still accessible at [localhost...] when it is moved above the doc root?

Perhaps I should start a new thread for this but:

1. Should the document root stay in the Apache2 folder?

2. How do I change the location of my php scripts (that include my root password, like my first post) above my doc root folder in the php.ini file?

; Windows: "\path1;\path2"
include_path = ".;c:\php5\includes"

Do I make any sense?

2:41 pm on Mar 15, 2004 (gmt 0)

Administrator

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:July 31, 2003
posts:12555
votes: 3


>>...but then how is a test.php (with the password) still accessible at h**p://localhost/test.php when it is moved above the doc root?

PHP include [php.net] function.
Example in msg #2 here [webmasterworld.com...]

>>1. Should the document root stay in the Apache2 folder?

The Document Root [httpd.apache.org] should be fine there, if you prefer. Did you read through the Apache Security Tips [httpd.apache.org]? You could also create a subdirectory (public, www, whatever...) in htdocs and make that your new Document Root, and put an "includes" directory in the htdocs directory. You may want to brush up Virtual Hosts [httpd.apache.org] if you intend to run more than one web site on a single machine.

>>2. How do I change the location of my php scripts (that include my root password, like my first post) above my doc root folder in the php.ini file?

That's right, modify the

include_path
configuration directive. You can specify a list of directories where the require(), include() and fopen_with_path() functions look for files. The format is like the system's PATH environment variable: a list of directories separated with a colon in Unix or semicolon in Windows. See include_path [php.net] for more information.
10:25 pm on Mar 16, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:June 17, 2003
posts:107
votes: 0


Thanks Coopster,

I guess I have some learning to do here.

I figure that include() script in the example.php is used to access and run the .inc files located in the includes folder.

Figuring this all out is overwhelming...

Thanks for making it easier!

~Shane

7:09 pm on Mar 20, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:June 17, 2003
posts:107
votes: 0


Coopster & Jatar_K,

Just to recap and bring closure to this thread.

This is what I did:

1. Created header.inc.php file

<?php

$db = mysql_connect("localhost", "root", "password_here");

mysql_select_db("submit_email",$db);

?>

<html>

<head>

<title>

<?php echo $title?>

</title>

2. Saved header.inc.php file to /includes (one level above the document root)

3. Created PHP page:

<title>Test</title>
<body>
<?php

include("header.inc.php");

?>

<td>&nbsp;</td>
<td><div align="center">
<h2>Body</h2>
</div></td>
<td>&nbsp;</td>
</tr>
<tr bgcolor="#FFFFFF">
<td>&nbsp;</td>
<td><div align="center">
<h3>Area</h3>
<p>&nbsp;</p>
<p><form action="thankyou.php" method="post" name="submit_email" id="submit_email">
<table width="100" border="0" cellspacing="0" cellpadding="10">
<tr>
<td><h3>Name:</h3></td>
<td>
<input name="name" type="text" id="name"></td>
</tr>
<tr>
<td><h3>Email:</h3></td>
<td>
<input name="email" type="text" id="email"></td>
</tr>
<tr>
<td><input type="submit" name="Submit" value="Enter Information"></td>
<td>&nbsp;</td>
</tr>
</table>
</form>&nbsp;</p>
</div></td>
<td>&nbsp;</td>
</tr>
</table></center>

<?php

include("footer.inc.php");

?>

4. Saved submit_email_body.php to document root.

5. Created footer.inc.php file

<div align="center">
<h3>FOOTER GOES HERE </h3>
</div>
</body>
</html>

6. Saved footer.inc.php to /inlcudes (one level above document root)

---------------------------
I hope this helps others...

Thanks Jatar and Coopster.

7:00 pm on Apr 20, 2004 (gmt 0)

New User

10+ Year Member

joined:Mar 12, 2004
posts:18
votes: 0


Hello - sorry to do this but I am having the same problem that you were getting - but I cannot fix it like you did. If I try to access my 'http://localhost/phpmyadmin/index.php' file WITH a password itwon't play - but if I leave the password blank it lets me in?

It gives me a warning in big red letters telling me.. 'Your configuration file contains settings (root with no password) that correspond to the default MySQL privileged account. Your MySQL server is running with this default, is open to intrusion, and you really should fix this security hole.'

I have entered the password in ebery config file everywhere I can think of, but obviously to no avail. I've been on this for 2 days and am going to cry soon!

Any ideas? Please?
Jim

8:22 pm on Apr 21, 2004 (gmt 0)

Administrator

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:July 31, 2003
posts:12555
votes: 3


I don't use PHPMYADMIN, but believe I have seen that it also has it's own config file that requires setup. Have you done this yet?
8:50 pm on Apr 21, 2004 (gmt 0)

New User

10+ Year Member

joined:Mar 12, 2004
posts:18
votes: 0


Yep - thnx coopster - I sorted it out. I'm not entirely sure how I sorted it out, but it works now!

Thnx again. I have a new problem now - how the heck do you upload it to a live server? (i.e.; where do you put the mysql element on the server?)

Jim

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members