stackoom
  简体   繁体   中英

Connecting through PHP to a MySQL user with less privileges

 原文  2015-03-14 14:48:58       php/ mysql/ phpmyadmin

Question

Maybe I am missing something, I am misunderstanding something about MySQL-PHP connections... I can't figure. I know it will be a lot to read but I can't put this in less words... Sorry!

The problem is: I am using XAMPP; I created in Phpmyadmin a 'user' with less privileges than user "root" (only INSERT and UPDATE) and then I am connecting in php file with this new user to MySQL. After connecting and selecting a specific db ('test'), I am using a DELETE query just to see what it does, and it actually deletes the row from a table I specify even though I expected it won't be able to do this since the user I used to connect to the db has only insert and update privileges. What am I missing?

In phpmyadmin, in 'mysql' db - 'user' table, my low privileges 'user' appears and it has the exact privileges i granted it and they are global! Still, if I connect to another db with this 'user' and try to use delete query, it will say access denied. So it acts like an "admin" with only one DB ('test') but has limited privileges on all others.

Here's a screen shot from tab 'Users'. The limited user is at the bottom ('user') - http://gyazo.com/1ed0218982a4b80eb2927cee78e2a46c

1 answers

solution1
 0  2015-05-07 17:26:20

The likely solution is that, for whatever reason, your application is connecting as a different user. Instead of the DELETE query, try running STATUS ;` and look carefully at the output. Amongst other things, you should see a line like 

Current user:           user@localhost

If it's anything else, then your script is not connecting as the user you think it is and you have to check your application for why that is happening. If that really says user@localhost, the next step is to log in to phpMyAdmin as that user (just use 'user' as the username in the login field). Once you're connected, look on the right hand side of the main page for the user and host you're connected as.

A less likely solution is that you've added additional database-level permissions for the user@localhost account -- to check that, click through the "Edit privileges" link then go to the Database tab at the top and see if there's anything odd appearing there.

Here is a user that has global INSERT and UPDATE privileges, plus full control over the sakila databsase:

在此处输入图片说明

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Setting user privileges in PHP and MYSQL User privileges with mysql database and php Testing privileges for PHP script's MySQL user Error in MySQL syntax when i try to create database and set user privileges through PHP MySQL Granting privileges to a user PHP PDO Create MySQL database and user and grant privileges How to identify user access privileges using PHP and MySQL? connecting to MySQL database through PHP access denied Connecting to a MySQL database through SSH PHP Connecting android application to MySQL through php and JSON
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM