handling failure to connect

aps
New php-forum User
Posts: 4
Joined: Thu Nov 04, 2004 2:55 pm

Postby aps » Wed Dec 29, 2004 10:33 am

In my code, I have the following syntax:

// establish link to db
$link = mysql_connect("mysql.hostname.com", "username", "password") or die("Could not connect: " . mysql_error());


Usually, I don't have problems; however, occasionally something is going on with my webhost service, and the MySQL db isn't working. As a result, rather than getting a normal page back, sans db results, I get the following:

Warning: mysql_connect(): Access denied for user: 'username' (Using password: YES) in E:\webspace\resadmin\domainname.com\domainname.com\www\sitenamefolder\index.php on line 38
Could not connect: Access denied for user: 'username' (Using password: YES)


Of course, I'm putting in dummy names for the username, password, and even domain (in this post... to be safe). But the actual output is providing significant real info, such as the real user name, and even the directory where my web documents are being served up.

I imagine this is a huge security risk for me. How should I avoid this? Is it just a matter of taking the or die() code out?

Thanks in advance!
-Alex

Oleg Butuzov
Last Samuray
Posts: 831
Joined: Sun Jun 02, 2002 3:09 am

Postby Oleg Butuzov » Wed Dec 29, 2004 1:00 pm

Only one reason - you don't have such a user with this password.
-----------
Try to use root with an empty password at localhost.

Redcircle
Moderator
Posts: 830
Joined: Tue Jan 21, 2003 10:42 pm
Location: Michigan USA

Postby Redcircle » Sun Jan 02, 2005 5:22 am

Oleg, his problem is that his MySQL server is down and it's still trying to authenticate. This has happened to me, but in my case it was because of a bad SQL statement (weird, I know).

A way around it would be to create custom SQL error handling.

Alexej Kubarev
Site Admin
Posts: 2223
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län

Postby Alexej Kubarev » Sun Jan 02, 2005 7:13 am

Redcircle... I'm not really sure that it's the way you are saying...

I had several problems like that when I mistyped the username or password... If the server is down, it would give you an error message: Could not connect to the server for 30 seconds, or something like that.

Custom error handling:

@mysql_query($sql) or die("Im sorry!, but the script has encountered a problem, Error code: ".mysql_errno());

Note that you will have to suppress errors so it will not show warnings.
However, the last part with die() is optional... you can use some custom command that will, for instance, write everything to an error log or something... it can send emails to you and so on... or you can simply ignore it and don't do anything.

Note that the user must have access from the localhost OR remote hosts (depending on where your server is) so it can connect.
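
An added example, not code from any poster in this thread: one way to keep the connection failure out of the rendered page while still recording it in the server log, so the page comes back "sans db results" as the original question wanted. It uses mysqli in place of the thread's mysql_connect() (the mysql_* functions were removed in PHP 7); the hostname, credentials, database name and the helper names db_connect_or_null() and log_db_failure() are placeholders chosen for this sketch.

```php
<?php
// Added example: host, credentials and database name are placeholders.

// Never render PHP warnings (user name, file path) into the page; log them.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Make mysqli throw exceptions instead of emitting warnings (default since PHP 8.1).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: record code and message only, never the stack trace,
// because a trace can carry the call arguments (including the password).
function log_db_failure(string $stage, mysqli_sql_exception $e): void
{
    error_log(sprintf('[db] %s failed (%d): %s', $stage, $e->getCode(), $e->getMessage()));
}

// Hypothetical helper: returns a connection, or null when the server is
// unreachable or rejects the login. Nothing is echoed to the visitor.
function db_connect_or_null(string $host, string $user, string $pass, string $name): ?mysqli
{
    try {
        return new mysqli($host, $user, $pass, $name);
    } catch (mysqli_sql_exception $e) {
        log_db_failure('connect', $e);
        return null;
    }
}

$link = db_connect_or_null('mysql.hostname.com', 'username', 'password', 'dbname');

echo "<h1>Welcome</h1>\n"; // the static part of the page renders either way

if ($link === null) {
    // Generic notice: no user name, host or filesystem path reaches the browser.
    echo "<p>Some content is temporarily unavailable.</p>\n";
} else {
    try {
        $row = $link->query('SELECT NOW() AS server_time')->fetch_assoc();
        echo '<p>Database time: ' . htmlspecialchars($row['server_time']) . "</p>\n";
    } catch (mysqli_sql_exception $e) {
        log_db_failure('query', $e);
        echo "<p>Some content is temporarily unavailable.</p>\n";
    }
    $link->close();
}
```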

