LOAD DATA INFILE + MySQL错误28000

Question

I'm having problems with the following SQL Query I want to execute:

LOAD DATA INFILE 'thelocationofmyfile.csv'
INTO TABLE test_import 
FIELDS TERMINATED BY ';'
LINES TERMINATED BY '\r\n'
IGNORE 1 LINES ( ArtID, ArtNamePharmLang, ArtNameFr, ArtNameNl, PubPrice, PercentageRebate, RebateAmount, SellingPrice, Localisation, CnkNr, EanNr, SoldQty, MinThd, MaxThd, QtyInStock, DateLastSale, VatRate, SupplierManufName, BuyPrice, InvCatCode, ArtType, ApbCatCode, ApbLegCode, PharmApbNr );

I want to load the data of an excel file into a table in my database. When I run this locally everything works. But when I do this on the server I get the following error:

Uncaught exception 'PDOException' with message 'SQLSTATE[28000]: Invalid authorization specification: 1045 Access denied for user 'myuser'@'localhost' (using password: YES)'

I'm trying to do this in PHP (in Zend Framework). When I contacted the hosting they said I needed the FILE permission to do this. But this is bad practice and not adviced.

I also tried to do this in a shell script like this:

#!/bin/bash
/usr/bin/mysql --host=localhost --user=theuser --password=password --database=db_database<<EOFMYSQL
LOAD DATA INFILE 'locationofmyfile.csv'
INTO TABLE test_import 
FIELDS TERMINATED BY ';'
LINES TERMINATED BY '\r\n'
IGNORE 1 LINES ( ArtID, ArtNamePharmLang, ArtNameFr, ArtNameNl, PubPrice, PercentageRebate, RebateAmount, SellingPrice, Localisation, CnkNr, EanNr, SoldQty, MinThd, MaxThd, QtyInStock, DateLastSale, VatRate, SupplierManufName, BuyPrice, InvCatCode, ArtType, ApbCatCode, ApbLegCode, PharmApbNr );
EOFMYSQL

But I got the same error:

ERROR 1045 (28000) at line 1: Access denied for user 'user'@'localhost' (using password: YES)

UPDATE:

I've tried to add LOCAL like this:

LOAD DATA LOCAL INFILE 'thelocationofmyfile.csv'

But then I get this error:

ERROR 1148 (42000) at line 1: The used command is not allowed with this MySQL version

Also tried to add --local-infile=1 like this but got same error

/usr/local/bin/mysql --host=127.0.0.1 --user=theuser --local-infile=1 --password=password --database=db_database

SECOND UPDATE:

My config file my.cnf looks like this:

[mysqld]
local-infile=0

max_connections         = 50
connect_timeout         = 5
wait_timeout            = 300
max_allowed_packet      = 16M
thread_cache_size       = 128
sort_buffer_size        = 4M
bulk_insert_buffer_size = 16M
tmp_table_size          = 16M
max_heap_table_size     = 16M
key_buffer_size         = 32M
open-files-limit        = 2000
table_cache             = 400
myisam_sort_buffer_size = 8M
concurrent_insert       = 2
read_buffer_size        = 2M
read_rnd_buffer_size    = 1M
query_cache_limit       = 1M
query_cache_size        = 32M
innodb_log_file_size    = 48M
max_allowed_packet  = 32M

The location where my connection is established doesn't really matter because I'm testing it with a shell script where I make the connection.

I don't get an error when I run

/usr/bin/mysql --host=localhost --user=theuser --password=password --database=db_database<<EOFMYSQL
show tables;
EOFMYSQL

(just a list of all the tables in my database)

When I run SHOW GRANTS; I get :

+------------------------------------------------------------------------------------------------------------------------+
| Grants for theuser@localhost                                                                                           |
+------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'theuser'@'localhost' IDENTIFIED BY PASSWORD '*password' |
| GRANT ALL PRIVILEGES ON `mydomain\_live`.* TO 'theuser'@'localhost'                                                    |
| GRANT ALL PRIVILEGES ON `mydomain\_staging`.* TO 'theuser'@'localhost' WITH GRANT OPTION                               |
+------------------------------------------------------------------------------------------------------------------------+
3 rows in set (0.01 sec)

Answer 1

You can try LOAD DATA LOCAL INFILE and use a file stored in the client's disk. This way you don't need to have FILE permission. It will be slower since the file has to be uploaded to server.

Hope this help

Answer 2

To begin with, please, show us your config file (my.cnf) and verison of the database. Also, code output where connection is estableshed would be helpful. It should be something like:

/*** mysql hostname ***/
$hostname = 'localhost';
/*** mysql username ***/
$username = 'user';
/*** mysql password ***/
$password = 'pass';

function testdb_connect ($hostname, $username, $password){
    $dbh = new PDO("mysql:host=$hostname;dbname=database", $username, $password);
    return $dbh;
}

try {
    $dbh = testdb_connect ($hostname, $username, $password);
    echo 'Connected to database';
} catch(PDOException $e) {
    echo $e->getMessage();
}

As for the errors:

ERROR 1045 (28000) at line 1: Access denied for user 'user'@'localhost'
and
ERROR 1148 (42000) at line 1: The used command is not allowed with this MySQL version

Do you get an error if you execute:

/usr/bin/mysql --host=localhost --user=theuser --password=password --database=db_database<<EOFMYSQL
show tables;
EOFMYSQL

One thing you might check is (which requires you to login to the MySQL console) - check to make sure that you have permissions to login to MySQL via localhost:

mysql -h 127.0.0.1 -u user -p

mysql> select user,host from mysql.user;
+------+--------------------------------+
| user | host                           |
+------+--------------------------------+
| user | 127.0.0.1                      | 
| user | ::1                            |
| user | localhost                      | <-- Make sure you have a localhost entry for root
+------+--------------------------------+
3 rows in set (0.00 sec)

Also, you may check GRANTS for your user. To list the privileges granted to the account that you are using to connect to the server, you can use any of the following statements:

SHOW GRANTS;
SHOW GRANTS FOR CURRENT_USER;
SHOW GRANTS FOR CURRENT_USER();

Just to be sure that there is the issue with privileges, you mat try the following:

sudo service mysql stop
sudo mysqld --skip-grant-tables

And execute LOAD command then.

UPDATE

As for your config file, for security reasons you have:

[mysqld]
local-infile=0

If LOAD DATA LOCAL is disabled, either in the server or the client, a client that attempts to issue such a statement receives the following error message:

ERROR 1148: The used command is not allowed with this MySQL version

What you can it is set all users except 'admin' and 'root' (for instance) to not have that privilege at the mysql level, then login to MySQL and run the query:

UPDATE mysql.user SET File_priv='N' WHERE user!='da_admin' AND user!='root';
FLUSH PRIVILEGES;

For the command line try to use only "--local-infile" insted of "--local-infile=1" and let us know the result.

Answer 3

LOAD DATA INFILE

This directive is used to load files that are located on the server .

To use LOAD DATA INFILE , make sure:

• the connecting user has the FILE privilege. See 6.2.1 Privileges Provided by MySQL .

• the server has sufficient (filesystem) permissions to read the file.

• that if the secure_file_priv system variable is set, the file is located in that directory. The server will not load any files outside of that directory.

LOAD DATA LOCAL INFILE

This directive is used to load files that are located on the client .

To use LOAD DATA INFILE , make sure:

• the MySQL client is compiled with -DENABLED_LOCAL_INFILE=1 . LOAD DATA LOCAL INFILE cannot work without it.

  Most distributions are compiled with this flag, but some are not. This is mostly an issue where MySQL is compiled manually.

• the MySQL server is started with the option --local-infile=1 .

  You can also set local-infile=1 under the group [mysqld] , so it is enabled automatically when the server starts.

  LOAD DATA LOCAL INFILE cannot work without it.

• the option loose-local-infile=1 is set under the group [client] . This isn't always needed, but it's better to make sure this isn't an issue.

• To use LOAD DATA LOCAL INFILE in PHP , you need to set the driver-option PDO::MYSQL_ATTR_LOCAL_INFILE to true when constructing a new database handle. See MySQL Functions (PDO_MYSQL)

  This must be done when constructing a new PDO instance. Setting it afterwards with PDO::setAttribute() will not work.

See 6.1.6 Security Issues with LOAD DATA LOCAL for more details.

Answer 4

When I contacted the hosting they said I needed the FILE permission to do this. But this is bad practice and not adviced.

Well, there you have it. You need FILE permissions to do what you're trying to do. This is actually the case regardless of whether you're using PHP or bash, because the privilege is coming through MySQL.

While I have some reservations about flat-out saying it's bad practice to use the FILE privilege, I do think there are serious security concerns. However, you don't have to give FILE permission to import an Excel spreadsheet.

I'm going to provide two solutions for you, one that uses DATA INFILE and one that doesn't.

First, a note:

The key to safe and secure data with or without the FILE privilege enabled is ensuring proper escaping for ALL of your queries, especially those that accept user input (example below).

The DATA INFILE option

If you're going to assign FILE privileges, the big concern I would have would be that a hacker would be able to generate all sorts of unsavory data or pull data you don't want someone to have (an article here explains how READ LOCAL INFILE can be very dangerous). If your host allows it, you can create a separate user with FILE permissions that is accessible only via localhost . While this is by no means a silver bullet, it does dramatically reduce the channels through which a hacker can access files in case you do have injection vulnerabilities lying around.

CREATE USER 'filewriter'@'localhost' IDENTIFIED_BY 'some_really_long_and_complex_password';
GRANT FILE ON *.* TO 'filewriter'@'localhost';

The non- DATA INFILE option

Consider this example.

Because you're using PHP, I recommend you create a PHP bash file or just put it in your script and take out the hashbang ( #!/usr/bin/php ).

You should be able to do something like this:

#!/usr/bin/php

$mysqli = new mysqli("host_name", "username", "password", "database") or die("Could not connect.");

$file_handle = fopen("myfile.csv", "r");


$query="INSERT into my_table_name(user_name,user_address,user_class) values(?, ?, ?)";
//practice safe escaping and store records faster.
$stmt = $mysqli->prepare($query) or die(mysql_error());
$stmt->bind_param("sss", $col1, $col2, $col3);
while (($line_of_data = fgetcsv($file_handle, 1000, ",")) !== FALSE) {
    $col1 = $line_of_data[0];
    $col2 = $line_of_data[1];
    $col3 = $line_of_data[2];

    $stmt->execute();
}

$stmt->close();

By using PHP, a language I assume you're comfortable with, you'll be able to take any security restrictions you need to (I included prepared statements already) and store your data. It may not be as fast as LOAD DATA INFILE , but it's a safe way to load your data in PHP. If your spreadsheet isn't massive (GBs) this should be just fine.

Answer 5

the line

Uncaught exception 'PDOException' with message 'SQLSTATE[28000]: Invalid authorization specification: 1045 Access denied for user 'myuser'@'localhost' (using password: YES)'

obviously tells you got problem with your login, then look at this:

+------------------------------------------------------------------------------------------------------------------------+
| Grants for theuser@localhost                                                                                           |
+------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'theuser'@'localhost' IDENTIFIED BY PASSWORD '*password' |
| GRANT ALL PRIVILEGES ON `mydomain_live`.* TO 'theuser'@'localhost'                                                    |
| GRANT ALL PRIVILEGES ON `mydomain_staging`.* TO 'theuser'@'localhost' WITH GRANT OPTION                               |
+------------------------------------------------------------------------------------------------------------------------+
3 rows in set (0.01 sec)

tells you you only have access to database mydomain_live and mydomain_staging , so you import script should be:

#!/bin/bash
/usr/bin/mysql --host=localhost --user=theuser --password=password --database=mydomain_staging<<EOFMYSQL
LOAD DATA INFILE 'locationofmyfile.csv'
INTO TABLE test_import 
FIELDS TERMINATED BY ';'
LINES TERMINATED BY '\r\n'
IGNORE 1 LINES ( ArtID, ArtNamePharmLang, ArtNameFr, ArtNameNl, PubPrice, PercentageRebate, RebateAmount, SellingPrice, Localisation, CnkNr, EanNr, SoldQty, MinThd, MaxThd, QtyInStock, DateLastSale, VatRate, SupplierManufName, BuyPrice, InvCatCode, ArtType, ApbCatCode, ApbLegCode, PharmApbNr );
EOFMYSQL

notice the --database=mydomain_staging ?

Answer 6

Have you tried using mysqlimport from the command line? It should be equivalent to load data infile:

Here is an example with the --local option to use on the client side:

mysqlimport -uTHEUSER -pPASSWORD -h ServerIPorDomainGoesHere --local --compress db_name /somepath/TableName.csv

An important detail is that the csv filename must be the table name here, try it and tell us if you still get the same error.

Also try to check the db for anonymous users if mysqlimport doesn't work:

mysql> select user,host from mysql.user;
+------------------+-----------+
| user             | host      |
+------------------+-----------+
| root             | localhost |
| root             | 127.0.0.1 |
| root             | ::1       |
|                  | localhost |
|                  | %         |
| myuser           | localhost |
+------------------+-----------+ 

Try to remove those blank usernames in the table since your login would match one of those in this example before matching "myuser". So even having permissions on "myuser" the anonymous one probably doesn't.

Hope it helps!

Answer 7

Hosting companies typically disable LOAD DATA INFILE for security reasons and do suggest to use LOAD DATA LOCAL instead.

Here is one from Hostmonster: https://my.hostmonster.com/cgi/help/317 Or the same answer from Bluehost: https://my.bluehost.com/cgi/help/317

Alternatively you can can just read data from the file in PHP using usual fopen(), fgets()/fgetcsv(), fclose() and insert it into MySQL table.