script does not die

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: egami, macek, gesf

Post Reply
User avatar
Redcircle
Moderator
Moderator
Posts: 826
Joined: Tue Jan 21, 2003 10:42 pm
Location: Michigan USA
Contact:

Tue Feb 11, 2003 6:10 pm

I've got a problem.


my code is not giving an error when it's supposed to.

Code: Select all

$db = MYSQL_CONNECT($db_host,$db_user,$db_pass) or die("Could not connect: " . mysql_error());

echo 'Connection Complete';


it correctly errors out if the $db_user actually exists or if $db_pass has a value($db_user remaining null), if the user does not exist and a password is not set script does not die.

anyone?

User avatar
mammal
New php-forum User
New php-forum User
Posts: 37
Joined: Wed Apr 02, 2003 1:31 am
Location: Hythe, UK

Wed Apr 02, 2003 2:26 am

Try this instead:

<?

$db = mysql_connect ("localhost", "username", "password");
$db_select = mysql_select_db ("table_name");
if (!$db){ echo "DB Connection Failure";}
if (!$db_select){ echo "DB Selection Failure";}

?>

Just fill in the blanks, I think you need to select a table within the database too, that may be why its not working...

User avatar
Redcircle
Moderator
Moderator
Posts: 826
Joined: Tue Jan 21, 2003 10:42 pm
Location: Michigan USA
Contact:

Wed Apr 02, 2003 6:02 pm

it correctly errors out if the $db_user actually exists or if $db_pass has a value($db_user remaining null), if the user does not exist and a password is not set script does not die.


Hard coded or not this happens. It is due to a bug in mysql that results in a successful connection when the user does not exist. It can be considered by some a security hazard so by checking that information was actually input is a workaround.

User avatar
WiZARD
Moderator
Moderator
Posts: 1240
Joined: Thu Jun 20, 2002 10:14 pm
Location: Ukraine, Crimea, Simferopol
Contact:

Sun Jun 08, 2003 3:39 am

Redcircle wrote:
it correctly errors out if the $db_user actually exists or if $db_pass has a value($db_user remaining null), if the user does not exist and a password is not set script does not die.


Hard coded or not this happens. It is due to a bug in mysql that results in a successful connection when the user does not exist. It can be considered by some a security hazard so by checking that information was actually input is a workaround.

you need to insert into youre code one string before any actios:

Code: Select all

error_reporting (E_ALL ^ E_NOTICE);
"Sex,Drugs and Rock&Roll " replaced at "Sucks,Bugs and Plug&Play";
Image

User avatar
Redcircle
Moderator
Moderator
Posts: 826
Joined: Tue Jan 21, 2003 10:42 pm
Location: Michigan USA
Contact:

Mon Jun 09, 2003 8:16 am

this was happening with error reporting set to E_ALL in the php.ini

It's a bug somewhere I think.. i'm not too concrened with it.. Only reason I wondered about it is becasue the installation script that I wrote asks people that are installing the script to enter thier DB info.. I was getting a lot of questions on why the sctipt did't work.. mainly becasue people that didn't know what they were doing weren't putting in the db info.

User avatar
WiZARD
Moderator
Moderator
Posts: 1240
Joined: Thu Jun 20, 2002 10:14 pm
Location: Ukraine, Crimea, Simferopol
Contact:

Tue Jun 10, 2003 12:33 am

wait a second, you mean what any user what regestering in youre DB have account in mysql->user database?
are you crazy man?
"Sex,Drugs and Rock&Roll " replaced at "Sucks,Bugs and Plug&Play";
Image

User avatar
mike
New php-forum User
New php-forum User
Posts: 73
Joined: Sun May 04, 2003 4:26 am
Location: Athens
Contact:

Fri Jun 13, 2003 5:26 pm

I had a simillar problem on 3.23.xx . As I remember right there was a small bug on mysql_error reporting function.
11:16am up 404 days, 2 users, load average: 148.68, 143.45, 132.6


Mike Vassileiou
[Systems Administrator / PHP Developer]


PHP/MySQL Manual:
http://www.phpmysql-manual.com

Post Reply
  • Information
  • Who is online

    Users browsing this forum: No registered users and 0 guests