Posted by Ivan Marsh on 05/11/07 17:57

On Fri, 11 May 2007 10:16:55 -0700, shimmyshack wrote:

> On 11 May, 17:52, harvey <harvey....@blueyonzders.com> wrote:
>> In article <pan.2007.05.11.16.45.46.763...@you.now>, anno...@you.now
>> says...
>>
>> > On Fri, 11 May 2007 16:42:23 +0000, harvey wrote:
>>
>> > > How do I make PHP create a database for mysql please?
>>
>> > query = "create database fred;";
>>
>> Oh god is it really that simple - this must be my day
>> for asking dumb questions.

Just think of PHP as your front end to your SQL server... anything you can
do in standard ANSI SQL you can do with PHP.

>> Thanks for not lauging at me... at least not in public !
>
> remember though that it's considered good practise not to have php
> use root, give php too many permissions and it will only be time
> before your hard work comes back to haunt you, instead get use
> to creating the db using the mysql command line (or some helpful gui)
> and then immediately create a new user which has rights over this
> database, and plug that into the php scripts that use that db,
> limiting potential for disaster.

PHP/Apache/mysql/etc should never run as root and never have to. There
should be no correlation between the accounts used by your public apps and
the system accounts on the box.

That's a fine solution unless you're creating databases dynamically...
which is the only reason I can think of to create a DB with a web
application in the first place.

There is a simple solution however. Control the rights of the web app
using your mysql install. I have one user that has read-only access to the
databases for use when doing look-ups, one user that I grant write access
to the databases for operations that need to write to the database and one
with access to create databases.

I set the default user for my connection to the read-only account and have
to purposefully change the account being used if I want to do anything
other than just read.

You can't inject SQL if the account you're using doesn't have rights to
write to the database.

• Next in forum: Re: Create Mysql database?
• Prev in forum: Re: Create Mysql database?
• Thread view: Re: Create Mysql database?

[Reply to this message]