通过PHP以较少的权限连接到MySQL用户
[英]Connecting through PHP to a MySQL user with less privileges
问题描述
Maybe I am missing something, I am misunderstanding something about MySQL-PHP connections... I can't figure. 
也许我错过了一些东西,我误解了MySQL-PHP连接的一些东西……我想不通。 I know it will be a lot to read but I can't put this in less words... Sorry! 我知道会读很多东西,但我不能用更少的词来表达……对不起!
The problem is: I am using XAMPP; 问题是:我正在使用XAMPP; I created in Phpmyadmin a 'user' with less privileges than user "root" (only INSERT and UPDATE) and then I am connecting in php file with this new user to MySQL. 我在Phpmyadmin中创建了一个比“根”用户(只有INSERT和UPDATE)具有更少特权的“用户”,然后使用这个新用户将php文件连接到MySQL。 After connecting and selecting a specific db ('test'), I am using a DELETE query just to see what it does, and it actually deletes the row from a table I specify even though I expected it won't be able to do this since the user I used to connect to the db has only insert and update privileges. 连接并选择特定的数据库(“测试”)后,我使用DELETE查询只是为了查看它的作用,并且实际上从我指定的表中删除了该行,即使我希望它无法执行此操作因为我以前用来连接数据库的用户只有插入和更新权限。 What am I missing? 我想念什么?
In phpmyadmin, in 'mysql' db - 'user' table, my low privileges 'user' appears and it has the exact privileges i granted it and they are global! 在phpmyadmin中,在“ mysql”数据库-“用户”表中,出现我的低权限用户“ user”,它具有我授予它的确切权限,并且它们是全局的! Still, if I connect to another db with this 'user' and try to use delete query, it will say access denied. 不过,如果我使用此“用户”连接到另一个数据库并尝试使用删除查询,它将说访问被拒绝。 So it acts like an "admin" with only one DB ('test') but has limited privileges on all others. 因此,它就像一个只有一个数据库(“测试”)的“管理员”一样,但是对所有其他数据库的特权却有限。
Here's a screen shot from tab 'Users'. 这是“用户”标签中的屏幕截图。 The limited user is at the bottom ('user') - http://gyazo.com/1ed0218982a4b80eb2927cee78e2a46c 受限制的用户位于底部(“用户”) -http://gyazo.com/1ed0218982a4b80eb2927cee78e2a46c
1 个解决方案
解决方案1
0 2015-05-07 17:26:20
The likely solution is that, for whatever reason, your application is connecting as a different user. 可能的解决方案是,无论出于何种原因,您的应用程序都以不同的用户身份进行连接。 Instead of the DELETE query, try running STATUS ;` and look carefully at the output. 尝试运行STATUS ;`而不是DELETE查询,并仔细查看输出。 Amongst other things, you should see a line like 除其他事项外,您应该会看到类似
Current user: user@localhost
If it's anything else, then your script is not connecting as the user you think it is and you have to check your application for why that is happening. 如果还有其他问题,那么您的脚本将无法以您认为的用户身份进行连接,因此您必须检查应用程序以了解发生这种情况的原因。 If that really says user@localhost, the next step is to log in to phpMyAdmin as that user (just use 'user' as the username in the login field). 如果确实显示user @ localhost,则下一步是以该用户身份登录phpMyAdmin(只需在登录字段中使用“ user”作为用户名)。 Once you're connected, look on the right hand side of the main page for the user and host you're connected as. 建立连接后,请在主页的右侧查找作为连接对象的用户和主机。
A less likely solution is that you've added additional database-level permissions for the user@localhost account -- to check that, click through the "Edit privileges" link then go to the Database tab at the top and see if there's anything odd appearing there. 一种不太可能的解决方案是,已为user @ localhost帐户添加了其他数据库级别的权限-要进行检查,请单击“编辑权限”链接,然后转到顶部的“数据库”选项卡,查看是否有奇怪的地方出现在那里。
Here is a user that has global INSERT and UPDATE privileges, plus full control over the sakila databsase: 这是一个具有全局INSERT和UPDATE特权以及对sakila databsase的完全控制权的用户:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.