Password in PHP File

         

Pico_Train

4:09 pm on Dec 18, 2009 (gmt 0)

10+ Year Member



Hallo!

I'm having trouble accessing a db remotely and logging in.

I'm wondering if I could put a password in a php file and just check against that password instead of checking a db.

How safe is that? Kosher? Dodgy? Scaley? Why the hell not?

Here is what my check could be:

$pass = "some_password_with_!_1_&_*";
$submitted = mysql_real_escape_string($_POST['password']);
if ($submitted == $pass) {
    // authenticated!
}

What do you think?

eelixduppy

4:26 pm on Dec 18, 2009 (gmt 0)



Hard-coded passwords should be OK assuming that a raw-text version of that script never gets published to the web. Because that file is within your web-root somewhere, it is possible to expose that password if server settings were ever changed inappropriately. Best bet would be to store the password in a file above the web-root directory, and include it in this script.

Scalability is a huge issue with a solution like this, however. If you plan on having any additional users then things become difficult and unnecessary. If you could gain access to that remote database server then that is probably your best bet. Check the permissions and settings of the remote server (to allow outside connections, for example) and go from there. Also use your error log to your advantage, checking it as things do not work.
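The suggestion above (keep the secret in a file above the web root and include it), as an added example that is not code from the thread. It stores a password hash rather than the password itself; the file location and the function names load_password_hash() and check_login() are hypothetical, and the demonstration at the end writes a constructed secret file to the temp directory.

```php
<?php
// Added example, not code from the thread. Needs PHP 5.5+ for password_hash().
//
// Secret file kept ABOVE the web root (path is hypothetical), for example
//   dirname($_SERVER['DOCUMENT_ROOT']) . '/private/auth.php'
// containing only:
//   <?php return array('password_hash' => '<output of password_hash()>');

/** Load the stored hash; return null (fail closed) if the file is unusable. */
function load_password_hash($path)
{
    if (!is_file($path) || !is_readable($path)) {
        return null;
    }
    $cfg = include $path;
    if (!is_array($cfg) || empty($cfg['password_hash'])) {
        return null;
    }
    return $cfg['password_hash'];
}

/**
 * Check a submitted password against the stored hash. The value is not
 * SQL-escaped: it never reaches a database, and escaping would change it.
 */
function check_login($submitted, $hash)
{
    if (!is_string($submitted) || $submitted === '' || !is_string($hash)) {
        return false;
    }
    return password_verify($submitted, $hash);
}

// Demonstration with a constructed secret file in the temp directory.
$path = tempnam(sys_get_temp_dir(), 'auth');
$hash = password_hash('some_password_with_!_1_&_*', PASSWORD_DEFAULT);
file_put_contents($path, '<?php return ' . var_export(array('password_hash' => $hash), true) . ';');

$stored = load_password_hash($path);
var_dump(check_login('some_password_with_!_1_&_*', $stored));
var_dump(check_login('wrong guess', $stored));
var_dump(check_login('anything', load_password_hash('/nonexistent/auth.php')));
unlink($path);
```

After a successful check, call session_regenerate_id(true) before marking the session as authenticated.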

Pico_Train

4:34 pm on Dec 18, 2009 (gmt 0)

10+ Year Member



OK thanks. Yeah it's only ever going to need 1 user. It's quite basic. Will look into holding a pass above the root directory and go from there.

Thanks for the advice!

rocknbil

8:44 pm on Dec 18, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I'm having trouble accessing a db remotely and logging in.

And what is this trouble, why would you work around it rather than find out why it's broken and just fix it?

Pico_Train

6:07 am on Dec 19, 2009 (gmt 0)

10+ Year Member



Well I have added the ip address of the server I am trying to connect from to my remote mysql section. I asked my hosts to add the ip address of the server to their firewall as well.

I am using this to connect:

$db->connect(
"http://www.example.com",
"username",
"#password",
"database"
);

This works locally connecting to my remote server right next to me - different pc. (Not so remote...:-)

When I try to do this live: I get this...

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'www-data'@'localhost' (using password: NO) in /var/www/vhosts/example.com/httpdocs/library/database.php on line 933

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /var/www/vhosts/example.com/httpdocs/library/database.php on line 933

Warning: mysql_query() [function.mysql-query]: Access denied for user 'www-data'@'localhost' (using password: NO) in /var/www/vhosts/example.com/httpdocs/library/models/model.php on line 23

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /var/www/vhostsexample.com/httpdocs/library/models/model.php on line 23

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /var/www/vhosts/example.com/httpdocs/library/models/model.php on line 25
Array ( )
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /var/www/vhosts/example.com/httpdocs/library/database.php:933) in /var/www/vhosts/example.com/httpdocs/processlogin.php on line 28
Login Failed, please try again.

Now I have no clue what to do...

rocknbil

9:56 pm on Dec 19, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Ha! This one's pretty common. :-)

Access denied for user 'www-data'@'localhost' (using password: NO) in /var/www/vhosts/example.com/httpdocs/library/database.php on line 933

I'm a little confused, but my ramblings will probably lead you to a solution. First, here is what this error is telling you. The user "www-data" has no access to the local host. That is, if I log in to this server and via command line try to log in as user www-data and no password, I'll get the same message.

There may be two problems here. The first is "Using password: no". It's saying whatever function is happening in your connection is not passing the password. Normally, via command line, you do

mysql -u www-data -p
and are prompted for a pass. It's as if you are doing this

mysql -u www-data

It's missing the -p, use password, flag. Whatever you enter it may let you "log in" but you won't have permissions to use any databases.

I suspect the mysql methods are doing something like

if ($user) { $conn_string .= '-u ' . $user; }
if ($database) { $conn_string .= ' ' . $database . ' '; }
if ($pass) { $conn_string .= '-p ' . $pass; }

So if the password value is missing, you get "using password: NO"

Now for my confusion, you say you are connecting with this:

$db->connect(
"http://www.example.com",
"www-data", // note I added this
"#password",
"database"
);

Note the bolded above. It's not recognizing the host. Whatever example.com is, it's invalid so it's reverting to localhost. OR, your server may be configured to only accept connections from localhost and is ignoring the mysql server parameter completely.

So figure these two out: make sure it allows remote connections and that the mysql server URL is correct. Usually it's NOT an http: it's usually just a raw IP address or 'mysqlserver.example.com'. No http. mySQL was designed to accept remote connections, which is what makes it easy to dedicate a server to mySQL only, but most usage and hosting have it set to localhost by default. Some don't even allow remote connections at all, if you're in this condition you're hosed.

The last thing: once you figure the above two, you will have another (possible) problem. Look at the user:

'www-data'@'localhost'

Normally when you set up a user via something like phpMyAdmin, here is what it actually does:

grant all privileges on database_name.* to 'www-data'@'localhost' identified by 'p@$$wUrDh3r3';

For a remote user, or even for users on subdomains, you need to do this:

grant all privileges on database_name.* to 'www-data'@'%' identified by 'p@$$wUrDh3r3';

You know the meaning of %, a wildcard, or "anything."

With this grant, from example.com (or any other site) I can connect to your database. "Any site, are you crazy?" A little. But without the U and P, any site can go all day and never hack in. But if this (unnecessarily) worries you, play with

grant all privileges on database_name.* to 'www-data'@'example.com' identified by 'p@$$wUrDh3r3';

grant all privileges on database_name.* to 'www-data'@'subdomain.example.com' identified by 'p@$$wUrDh3r3';

Somewhere in there is a fix for you. :-)
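A connection routine reflecting the points in this post (a bare host name instead of an http:// URL, a password that is always passed, a database chosen at connect time), as an added example that is not code from the thread. It uses mysqli instead of the thread's mysql_* functions, which were removed in PHP 7; the function names and configuration keys are hypothetical and the sample settings are constructed.

```php
<?php
// Added example, not code from the thread. Names and config keys are hypothetical.

/** Reduce a host setting to what the MySQL client expects: host name or IP, no scheme. */
function mysql_host_from_setting($setting)
{
    $setting = trim((string) $setting);
    if (strpos($setting, '://') !== false) {
        // A URL was supplied: strip the scheme and keep only the host part.
        $setting = (string) parse_url($setting, PHP_URL_HOST);
    }
    if ($setting === '') {
        throw new InvalidArgumentException('Database host is empty or not a valid host name');
    }
    return $setting;
}

/** Connect or throw, so no later call runs against a missing link. */
function open_db(array $cfg)
{
    foreach (array('host', 'user', 'pass', 'name') as $key) {
        if (!isset($cfg[$key]) || $cfg[$key] === '') {
            throw new InvalidArgumentException("Missing database setting: $key");
        }
    }
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures become exceptions
    $host = mysql_host_from_setting($cfg['host']);
    return new mysqli($host, $cfg['user'], $cfg['pass'], $cfg['name']);
}

// Keep connection errors (user names, file paths) in the log and off the page.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Constructed settings with an empty password, the "using password: NO" case.
$cfg = array('host' => 'http://www.example.com', 'user' => 'username',
             'pass' => '', 'name' => 'database');
echo mysql_host_from_setting($cfg['host']), "\n";
try {
    $db = open_db($cfg);
} catch (InvalidArgumentException $e) {
    error_log('DB configuration error: ' . $e->getMessage());
    echo "Login is temporarily unavailable.\n";
} catch (mysqli_sql_exception $e) {
    error_log('DB connection failed: ' . $e->getMessage());
    echo "Login is temporarily unavailable.\n";
}
```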

Pico_Train

7:56 am on Dec 21, 2009 (gmt 0)

10+ Year Member



Ok, with the help of my hosts, I seem to have resolved the connection to the remote server bit.

Now I get told by MySQL that no DB is selected... :-(

eelixduppy

11:02 am on Dec 21, 2009 (gmt 0)



You have to use mysql_select_db [php.net] to do so.

Pico_Train

2:40 pm on Dec 21, 2009 (gmt 0)

10+ Year Member



Ok, tried that, now I get this:

Access denied for user 'username'@'%' to database 'database'

using mysql_select_db

Have contacted both hosts about it and still no answer. That user is allowed to access that DB. I just did it locally.

Pico_Train

3:46 pm on Dec 21, 2009 (gmt 0)

10+ Year Member



Fixed! Now the next problem...

Pico_Train

3:46 pm on Dec 21, 2009 (gmt 0)

10+ Year Member



Forgot to add this, THANKS!

rocknbil

9:57 pm on Dec 21, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Sweet. Workarounds, no matter how ingenious they are, really do suck tar. :-) They just make figuring out what the heck is going on more complicated. ("Why did they do this instead of [simple solution?] Surely there must be a reason, what am I missing?")

Fixed! Now the next problem...

Which is? :-)

Pico_Train

9:50 am on Dec 23, 2009 (gmt 0)

10+ Year Member



Was...

Uploading a file and sorted that out! Was just the target_path was a bit tricky to figure out, gotta love $_SERVER['DOCUMENT_ROOT']

Also part of the solution for the remote mysql login was that the remote server was giving me an IP for example of 127.0.0.11 but from the company hosting it I was told, haphazardly out of the blue, that that server also identifies itself as 127.0.0.10 ... and once I added that new IP on top of the other, which took 10 emails to get out of them, into my remote MySQL login section, it worked like a charm. Now it would have been nice to know that from the start!

Thanks for your help and spurring me on to learn a bit more!