When you add the root password did you also add it to

$db = mysql_connect("localhost", "root");

like so

$db = mysql_connect("localhost", "root", "password");

Also what error does it return when you try and connect once you set the password?

Jatar_K

This is the original error message:

Warning: mysql_connect() [function.mysql-connect]: Access denied for user: 'root@localhost' (Using password: NO) in C:\Program Files\Apache Group\Apache2\htdocs\testmydb.php on line 13

I tried the following you suggested:

$db = mysql_connect("localhost", "root", "password");

But when I did the above (with "password") it returned a different error:

Warning: mysql_connect() [function.mysql-connect]: Access denied for user: 'root@localhost' (Using password: YES) in C:\Program Files\Apache Group\Apache2\htdocs\testmydb.php on line 13

p.s. Was I supposed to replace password with my actual password? Or am I way off?

What version of MySQL did you install?
If it was 4.1, have a look at msg #9 regarding Mysql - 3.23 or 4.1 [webmasterworld.com].

p.s. Was I supposed to replace password with my actual password? Or am I way off?

You are right on. The answer is Yes, replace it with your actual password.

I have mySQL version 4.0.18

&

It worked when I used the actual password.

Thanks for your help....

Curious though, is there any security risks with using my password like that?

~Shane

A side note:
------------
MySQL's grant tables are refreshed differently depending how you changed privileges [mysql.com], but I try to make it a habit to FLUSH PRIVILEGES after changing passwords. Either that, or stop and restart the MySQL server daemon -- just to make sure.

---

Are there any security risks? You mean storing the connection information, including the password in a PHP script? Absolutely. But in order to connect to the database, it has to be this way. You can control this by storing the connection script off the document root and use PHP's include [php.net] function when connecting to the database.

The latter half of this thread addresses the question,
How would one best go about storing scripts off the document root? [webmasterworld.com]
(starting at the second question in msg #7) may help.

coopster,

I read your suggested thread on storing scripts above the root folder. Currently, my htdocs folder is my document root. However, i still do not understand how to separate the scripts from the doc root and make it work.

I know I probably have to tell the scripts where to find the includes but then how is a test.php (with the password) still accessible at [localhost...] when it is moved above the doc root?

Perhaps I should start a new thread for this but:

1. Should the document root stay in the Apache2 folder?

2. How do I change the location of my php scripts (that include my root password, like my first post) above my doc root folder in the php.ini file?

; Windows: "\path1;\path2"
include_path = ".;c:\php5\includes"

Do I make any sense?

>>...but then how is a test.php (with the password) still accessible at h**p://localhost/test.php when it is moved above the doc root?

PHP include [php.net] function.
Example in msg #2 here [webmasterworld.com...]

>>1. Should the document root stay in the Apache2 folder?

The Document Root [httpd.apache.org] should be fine there, if you prefer. Did you read through the Apache Security Tips [httpd.apache.org]? You could also create a subdirectory (public, www, whatever...) in htdocs and make that your new Document Root, and put an "includes" directory in the htdocs directory. You may want to brush up Virtual Hosts [httpd.apache.org] if you intend to run more than one web site on a single machine.

>>2. How do I change the location of my php scripts (that include my root password, like my first post) above my doc root folder in the php.ini file?

That's right, modify the

include_path

configuration directive. You can specify a list of directories where the require(), include() and fopen_with_path() functions look for files. The format is like the system's PATH environment variable: a list of directories separated with a colon in Unix or semicolon in Windows. See include_path [php.net] for more information.

Thanks Coopster,

I guess I have some learning to do here.

I figure that include() script in the example.php is used to access and run the .inc files located in the includes folder.

Figuring this all out is overwhelming...

Thanks for making it easier!

~Shane

Coopster & Jatar_K,

Just to recap and bring closure to this thread.

This is what I did:

1. Created header.inc.php file

<?php

$db = mysql_connect("localhost", "root", "password_here");

mysql_select_db("submit_email",$db);

?>

<html>

<head>

<title>

<?php echo $title?>

</title>

2. Saved header.inc.php file to /includes (one level above the document root)

3. Created PHP page:

<title>Test</title>
<body>
<?php

include("header.inc.php");

?>

<td>&nbsp;</td>
<td><div align="center">
<h2>Body</h2>
</div></td>
<td>&nbsp;</td>
</tr>
<tr bgcolor="#FFFFFF">
<td>&nbsp;</td>
<td><div align="center">
<h3>Area</h3>
<p>&nbsp;</p>
<p><form action="thankyou.php" method="post" name="submit_email" id="submit_email">
<table width="100" border="0" cellspacing="0" cellpadding="10">
<tr>
<td><h3>Name:</h3></td>
<td>
<input name="name" type="text" id="name"></td>
</tr>
<tr>
<td><h3>Email:</h3></td>
<td>
<input name="email" type="text" id="email"></td>
</tr>
<tr>
<td><input type="submit" name="Submit" value="Enter Information"></td>
<td>&nbsp;</td>
</tr>
</table>
</form>&nbsp;</p>
</div></td>
<td>&nbsp;</td>
</tr>
</table></center>

<?php

include("footer.inc.php");

?>

4. Saved submit_email_body.php to document root.

5. Created footer.inc.php file

<div align="center">
<h3>FOOTER GOES HERE </h3>
</div>
</body>
</html>

6. Saved footer.inc.php to /inlcudes (one level above document root)

---------------------------
I hope this helps others...

Thanks Jatar and Coopster.

Hello - sorry to do this but I am having the same problem that you were getting - but I cannot fix it like you did. If I try to access my 'http://localhost/phpmyadmin/index.php' file WITH a password itwon't play - but if I leave the password blank it lets me in?

It gives me a warning in big red letters telling me.. 'Your configuration file contains settings (root with no password) that correspond to the default MySQL privileged account. Your MySQL server is running with this default, is open to intrusion, and you really should fix this security hole.'

I have entered the password in ebery config file everywhere I can think of, but obviously to no avail. I've been on this for 2 days and am going to cry soon!

Any ideas? Please?
Jim

I don't use PHPMYADMIN, but believe I have seen that it also has it's own config file that requires setup. Have you done this yet?

Yep - thnx coopster - I sorted it out. I'm not entirely sure how I sorted it out, but it works now!

Thnx again. I have a new problem now - how the heck do you upload it to a live server? (i.e.; where do you put the mysql element on the server?)

Jim