|
|
|
|
Bookmark this on Delicious
Share on Facebook
 Slashdot It!
Digg  mysql_connect
Open a connection to a MySQL Server
(PHP 4, PHP 5, PECL mysql:1.0)
Example 1415. mysql_connect() example<?phpExample 1416. mysql_connect() example using hostname:port syntax<?phpExample 1417. mysql_connect() example using ":/path/to/socket" syntax<?phpRelated Examples ( Source code ) » mysql_connect Examples ( Source code ) » Build query string based on form input Examples ( Source code ) » Open browser password dialog and authenticate user based on database Examples ( Source code ) » Selecting a Database Examples ( Source code ) » PHP code to establish a connection with MySQL Examples ( Source code ) » Close database connections Examples ( Source code ) » Creating a Database in MySQL Examples ( Source code ) » Delete data from database table Examples ( Source code ) » Delete data from database by ID Examples ( Source code ) » Table data insert Examples ( Source code ) » Use form to add data to database Examples ( Source code ) » Adding a Row to a Table Examples ( Source code ) » List all database Examples ( Source code ) » List all tables in a database Examples ( Source code ) » Get MySQL server information Examples ( Source code ) » Get MySQL host information Code Examples / Notes » mysql_connectmartinnitram
to use load data local infile function from mysql (at mysql 4.0.16, php 4.3.3), set fifth parameter of mysql_connect() to CLIENT_LOCAL_FILES(128), which based on MYSQL C API ( also mysql server support load file, check by "show variables like 'local_infile' ") Thank 'phpweb at eden2 dot com' to point this out nospam
There should already be a post in here about this, but I would like to follow up on the idea that anyone can read your .inc files, which might contain username/password combos for mysql access. There is a very simple way to block this. If you are using Apache, just edit your httpd.conf file, and look for the following lines: <Files ~ "^\.ht"> Order allow,deny Deny from all Satisfy All </Files> Okay... that little chunk of text is saying that you don't want files that begin with .ht to be readable through apache. We also don't want people to see any files that end with .inc. So, just add the following chunk of text to your httpd.conf file: <Files ~ "\.inc(\.php)?$> Order allow,deny Deny from all Satisfy All </Files> This will block anyone from seeing your .inc files over the web. It is much smarter than naming include files, "*.php". Use the .php extension for your code, and save .inc for actual include data, and don't worry about people reading your .inc's anymore. Hope this helps somebody. Oh yeah... one other thing... obviously, anytime you make a change to httpd.conf (or whatever you have named your Apache config file), you must restart apache for the changes to take effect. peter robinett
The use of mysql connections can become tricky with objects. I am using mysql_connect() in a database class I wrote and the class destructor calls mysql_close. Because I have several of these database objects, mysql_connect reuses existing connections. This is fine except when the script reaches the end of execution and PHP's garabage collection calls all the objects' __destruct() functions. mysql_close() throws a warning that the connection is invalid, in my case for one object. This is happening with objects which use an existing connection, as the connection has already been closed. I solved the problem by forcing mysql_connect() to create a new connection each time. This is not efficient but is sufficient for my purposes for now. I wouldn't say this is a bug per-se, but it's something to look out for. I imagine using mysqli is the ultimate solution... angelo
The post from 'Graham_Rule at ed dot ac dot uk' should include the following WARNING: WARING: THE VALUES OF THESE DIRECTIVES WILL BE EXPOSED IF ANY OF THE CODE INCLUDES THE phpinfo() FUNCTION. The phpinfo() function will print these values clear as day. I highly suggest against this method of storing MySQL authentication information. I recommend creating connect and cleanup functions in a separate include file. If security is a concern, locate the include file outside of your web root folder. <?php $g_link = false; function GetMyConnection() { global $g_link; if( $g_link ) return $g_link; $g_link = mysql_connect( 'host.name', 'user', 'password') or die('Could not connect to server.' ); mysql_select_db('database_name', $g_link) or die('Could not select database.'); return $g_link; } function CleanUpDB() { global $g_link; if( $g_link != false ) mysql_close($g_link); $g_link = false; } ?> Simply include your connnection.php file in your script and anywhere you use the mysql_query() function include a call to the GetMyConnection() function. <?php $res = mysql_query("SELECT ...", GetMyConnection() ); ?> rec0rder
The method I use to "protect" mySQL connect is to place dbConnect.php outside the web directory. I will create a directory: /var/include/ Put "dbConnect.php" into /var/include/ Edit your php.ini file to read "/var/include/" an include directory. In your PHP now, you just have to do: require("dbConnect.php"); graham_rule
The addition of entries to httpd.conf to stop .inc files being served by Apache is certainly useful and to be recommended. But it doesn't change the fact that these files have to be readable by Apache so that the PHP processor can get at them. As long as your don't have multiple, possibly untrusted, users on your machine then that's OK. But when you are running a large multi-user service with thousands of users its always possible that one of them will look at your .inc files and take a note of the passwords you have in them. They could even copy them into their own scripts and modify your databases! Even if local users are trusted, there is always the possibility of a rogue script (PHP or some nastier language) being installed by an ignorant user. That script might then read your .inc files (whether or not they are in the web publishing tree) and expose your password. aesar
That's an interesting discovery. I don't think it should be this way, but I think it's more a firefox/browser bug (at least, if you see it as a bug) than a fault in mysql/php. What happens if you load the pages in two different browser screens instead of two tabs? ignacio casinelli esviza
Sometimes, I want that MySQL service start automatically when my app need it. This is specially true if you work in a development PC and/or in an small intranet environment. You can do something like this: if the mysql_connect() function returns FALSE, try to force the initialization of the MySQL service! For example, under Windows: <?php $link = @mysql_connect($server,$user,$pass); if (empty($link)){ @exec("%SystemRoot%\\system32\\net.exe start mysql"); sleep(5); $link = @mysql_connect($servidor,$usuario,$clave); } ?> In Linux of course you can try "/etc/init.d/mysqld start" but you will need special permissions. Regards. mario
PHP (5.1.2) stores connections according to script name and remote host, apparently. If the same script is requested by the same browser in two different tabs (Firefox for this test) and requests a non-persistent connection using the same user and password, the connection will be shared. Ran into this while testing a script for concurrent usage using "LOCK TABLES" queries... and found that one tab's script was blocking until the other finished. No blocking occurred when different machines loaded the same script at the same time. Very interesting. martin
MYSQL_CLIENT_SSL is not working, use MySQLi and mysqli->ssl_set()
amn -at- frognet.net
Just in case you didn't know. You can use mysql_connect in a function to connect to a database and the connection is a super-global... meaning you can use mysql_query in other functions or in no function at all and PHP will use the connection that you opened. This is a handy bit of knowledge that helps if you have a large site with lots of scripts. If you create one function to connect to a db, and call that function in all your scripts, it makes for easier code maintenance since you only have to update one line of code to change your mysql connection instead of updating all your scripts individually.
chaoscontrol_hq
In MySQL4.1 and later, the default password hashing format has changed making it incompatible with 3.x clients. I found out mysql_connect() works on server versions >= 4.1 when your MySQL user password is blank because password authentication isn't done in that case, otherwise you need to use another connection method (e.g. mysqli). Also if you are using old MySQL tables on a new server (i.e. the passwords are stored in the old format), then the server will use the old auth method automatically and this function should work in all cases. Hopefully this will help someone, it had me confused for a while because some of the users on my 4.1 server could connect and some couldn't. sky dot sama dot remove dot dots
In case anyone else is getting "Client does not support authentication protocol requested by server; consider upgrading MySQL client" error. The problem is the new password hashing method used by MySQL >= 4.1 mentioned below. Either update your PHP to v5 where the new password hashing is supported or use old_password() in MySQL 4.1. FROM: http://www.digitalpeer.com/id/mysql UPDATE mysql.user SET password=old_password("youroldhashpassword") WHERE user ='youruserid' and host ='yourhost' then do FLUSH PRIVILEGES brinca
If you prefer to use a hostname instead of an ip on your connection string in a script (to be able to change the ip at will), but don't want the overhead of dns lookups, just add it to your /etc/hosts file (in windows: %WINDIR%/system32/drivers/etc/hosts). For example, add the following to your hosts file (changing the bogus ip to your server's real ip): 123.123.123.123 mysqlserver1 Note: On linux, make sure you have "order: hosts,bind" on your /etc/host.conf file. On a script, make the mysql connection like so: <? $sid = mysql_connect ("mysqlserver1", "user", "pass"); ?> Note: this sample is in php, but it can be any other programming language (just type "ping mysqlserver1" on a prompt, on your server) And there you have it! If your server ever gets assigned a different ip, just update the hosts file with the new one (every script will work as-is, even if under different hostnames). jslakva
if between first and second call with same arguments there was another call with another argument, initial connection link is not reused, but new connection is created instead, regardless of new_link argument. for example, here only one single link will be opened and then reused: <?php $link1 = mysql_connect("localhost"); $link2 = mysql_connect("localhost"); ?> and here _three_ separate links will be opened: <?php $link1 = mysql_connect("localhost"); $link3 = mysql_connect("127.0.0.1"); $link2 = mysql_connect("localhost"); ?> so if you wanted to switch between connections just by call to mysql_connect, and rely on its internal link caching, you can be wasting your database connections. graham_rule
How to get at multiple MySQL databases from PHP while continuing to hide the user credentials in Apache configuration files. (This builds on my solution to the problem of hiding such credentials that I posted in May 2003 at http://uk2.php.net/manual/en/function.mysql-connect.php#32035) <Directory /var/www/html/multidatabase> php_value mysql.default_user "username1 username2" php_value mysql.default_password "secret private" php_value mysql.default_host "localhost server.example.com" </Directory> Note that the quotes are necessary to prevent the parser complaining about seeing too many parameters for php_value. Given this setup in Apache, our script can fetch the composite value $hostnames = @ini_get('mysql.default_host'); Split it into its component parts $hostnames = preg_split("/[\s]+/", $hostnames); Then use the values in this array as if we had hard-coded: $hostnames[0] = "localhost"; $hostnames[1] = "server.example.com" Similar code may be written to fetch the usernames and passwords. (One 'gotcha' with the mysql_error() function is that it will not give a sensible error report if there is a failure to open a second or subsequent connection. It uses the last successfully opened connection as the basis for its message!) rui dot batista
Ever wonder what "default username" is? <?php $link = mysql_connect() or die(mysql_error()); $result = mysql_query("SELECT SESSION_USER(), CURRENT_USER();"); $row = mysql_fetch_row($result); echo "SESSION USER: ", $row[0], " \n"; echo "CURRENT USER: ", $row[1], " \n"; ?> Both are ODBC@localhost in my win2k install, so my advice for windows is: - create a MySQL user named ODBC with no password - add localhost to ODBC user [right-click ODBC] - set schema previleges to ODBC@localhost - use mysql_connect() with no parms, or do not use ;) This turns to work also with odbc_connect: odbc_connect("myDSN", "", "") 25-jun-2005 11:18
connect to mysql via named pipe under windows : in my.ini, add this: [mysqld] enable-named-pipe then connect to the server, then connect to mysql using mysql_connect('.') phpweb
client_flags can be things other than MYSQL_CLIENT_COMPRESS, MYSQL_CLIENT_IGNORE_SPACE and MYSQL_CLIENT_INTERACTIVE. I presume that mysql_connect() just passes through to the C MySQL API, which provides these constants: #define CLIENT_LONG_PASSWORD 1 /* new more secure passwords */ #define CLIENT_FOUND_ROWS 2 /* Found instead of affected rows */ #define CLIENT_LONG_FLAG 4 /* Get all column flags */ #define CLIENT_CONNECT_WITH_DB 8 /* One can specify db on connect */ #define CLIENT_NO_SCHEMA 16 /* Don't allow database.table.column */ #define CLIENT_COMPRESS 32 /* Can use compression protocol */ #define CLIENT_ODBC 64 /* Odbc client */ #define CLIENT_LOCAL_FILES 128 /* Can use LOAD DATA LOCAL */ #define CLIENT_IGNORE_SPACE 256 /* Ignore spaces before '(' */ #define CLIENT_CHANGE_USER 512 /* Support the mysql_change_user() */ #define CLIENT_INTERACTIVE 1024 /* This is an interactive client */ #define CLIENT_SSL 2048 /* Switch to SSL after handshake */ #define CLIENT_IGNORE_SIGPIPE 4096 /* IGNORE sigpipes */ #define CLIENT_TRANSACTIONS 8192 /* Client knows about transactions */ Not all of these may work or be meaningful, but CLIENT_FOUND_ROWS does, at least. graham_rule
Another solution to the security problems of putting usernames and passwords into scripts. I haven't found this documented anywhere else so thought I'd suggest it for the online documentation. ........ Don't put passwords for mysql into scripts which may be read by any user on the machine. Instead put them into an Apache configuration file and make sure that it is not world-readable. (Apache reads its main config files as root.) For example, add this to your httpd.conf (and chmod it to 600 or 660) then tell your apache to reload itself (apachectl graceful). <Directory /var/www/html/mydatabase> php_value mysql.default_user fred php_value mysql.default_password secret php_value mysql.default_host server.example.com </Directory> Then all you need in your PHP code is $handle = mysql_connect() or die(mysql_error()); The passwords etc will only be picked up by scripts running in the named directory (or a sub-directory). The same may be done for virtualhosts etc. If you don't want to keep reloading your Apache server then you ay test things putting the php_value directives into a (world readable) .htaccess file. (Clearly not for production use.) If you need to debug the values that are being supplied (or not) then use this snippet: @syslog(LOG_DEBUG, "Using user=".ini_get("mysql.default_user"). " pass=".ini_get("mysql.default_password"). " host=".ini_get("mysql.default_host")); (This assumes that you are not running in 'safe_mode' and that you are on a unix of some sort.) aichi
All constants from MySQL source: #define CLIENT_LONG_PASSWORD 1 /* new more secure passwords */ #define CLIENT_FOUND_ROWS 2 /* Found instead of affected rows */ #define CLIENT_LONG_FLAG 4 /* Get all column flags */ #define CLIENT_CONNECT_WITH_DB 8 /* One can specify db on connect */ #define CLIENT_NO_SCHEMA 16 /* Don't allow database.table.column */ #define CLIENT_COMPRESS 32 /* Can use compression protocol */ #define CLIENT_ODBC 64 /* Odbc client */ #define CLIENT_LOCAL_FILES 128 /* Can use LOAD DATA LOCAL */ #define CLIENT_IGNORE_SPACE 256 /* Ignore spaces before '(' */ #define CLIENT_PROTOCOL_41 512 /* New 4.1 protocol */ #define CLIENT_INTERACTIVE 1024 /* This is an interactive client */ #define CLIENT_SSL 2048 /* Switch to SSL after handshake */ #define CLIENT_IGNORE_SIGPIPE 4096 /* IGNORE sigpipes */ #define CLIENT_TRANSACTIONS 8192 /* Client knows about transactions */ #define CLIENT_RESERVED 16384 /* Old flag for 4.1 protocol */ #define CLIENT_SECURE_CONNECTION 32768 /* New 4.1 authentication */ #define CLIENT_MULTI_STATEMENTS 65536 /* Enable/disable multi-stmt support */ #define CLIENT_MULTI_RESULTS 131072 /* Enable/disable multi-results */ #define CLIENT_REMEMBER_OPTIONS (((ulong) 1) << 31) camitz
A description about the problem with the password hashing and how to adress them can be found at http://dev.mysql.com/doc/mysql/en/Password_hashing.html
|
Change Language
mysql_affected_rows mysql_change_user mysql_client_encoding mysql_close mysql_connect mysql_create_db mysql_data_seek mysql_db_name mysql_db_query mysql_drop_db mysql_errno mysql_error mysql_escape_string mysql_fetch_array mysql_fetch_assoc mysql_fetch_field mysql_fetch_lengths mysql_fetch_object mysql_fetch_row mysql_field_flags mysql_field_len mysql_field_name mysql_field_seek mysql_field_table mysql_field_type mysql_free_result mysql_get_client_info mysql_get_host_info mysql_get_proto_info mysql_get_server_info mysql_info mysql_insert_id mysql_list_dbs mysql_list_fields mysql_list_processes mysql_list_tables mysql_num_fields mysql_num_rows mysql_pconnect mysql_ping mysql_query mysql_real_escape_string mysql_result mysql_select_db mysql_set_charset mysql_stat mysql_tablename mysql_thread_id mysql_unbuffered_query |
