• 0

[PHP/MYSQL] DB Connection Using Wrong User


Question

Hey,

Im making a site that has a user login.

To try and make things a bit safer, i have 2 DB users - an admin user that has all privileges and another user that only has select permission.

my script is setup as follows

// Database Connection
function connect_to_db($user = "select")
{
	// Create new connection
	define("HOSTNAME", "***.***.***.***", true);
	if($user == "admin")
	{
		echo "blah<br />";
		define("USERNAME","ADMIN USERNAME", true);
		define("PASSWORD", "****", true);
	}
	elseif($user == "select")
	{
		define("USERNAME", "twselect", true);
		define("PASSWORD", "****", true);
	}
	else
	{
		die("error");
	}
	define("DATABASE", "trinitywars", true);

	mysql_connect(HOSTNAME, USERNAME, PASSWORD) or die ("<p>There has been a fatal Error! The Monkies will fix this ASAP!</p>");	
	mysql_select_db(DATABASE) or die ("<p>There has been a fatal Error! The Monkies will fix this ASAP!</p>");
}

//Run Query
function run_query($query, $file = __FILE__, $line = __LINE__, $user = 'select', $log = 0)
{
	// Open Connection
	connect_to_db($user);

	// Run query
	$run = mysql_query($query) or die(output_db_error(mysql_error(), $query, $file, $line, $user, $log));

	// Add to query count
	//$_SESSION['queries'] = $_SESSION['queries'] + 1;
	return $run;
}

The code im getting problems with is as follows

$results = run_query($query, __FILE__, __LINE__, 'admin');

and i get this error message

ERROR: INSERT command denied to user 'twselect'@'server213-171-218-134.livedns.org.uk' for table 'log'
File: /home/fhlinux134/t/trinitywars.com/user/htdocs/beta/includes/login.inc.php
Line: 76
User: admin

From what the error message is telling me, it should be using the admin user however, the mysql_error() is saying the problem is due to the code using the select user.

Can anyone see where im going wrong here? i've been staring at it for about an hour now and just cant figure it out.

Thanks in advance :D

Link to comment
Share on other sites

6 answers to this question

Recommended Posts

  • 0

Well, this code should work without a problem.

Are you sure you call it like this:

$results = run_query($query, __FILE__, __LINE__, 'admin');

Maybe you included the wrong file in which you have run_query(...) and connect_to_db(...) functions?

You can only define constants once. You should be using variables in your connect function, not defines. This may or may not fix your problem.

This will probably be the problem if he calls run_query multiple times.

Link to comment
Share on other sites

  • 0

You can only define constants once. You should be using variables in your connect function, not defines. This may or may not fix your problem.

Well, this code should work without a problem.

Are you sure you call it like this:

$results = run_query($query, __FILE__, __LINE__, 'admin');

Maybe you included the wrong file in which you have run_query(...) and connect_to_db(...) functions?

This will probably be the problem if he calls run_query multiple times.

Thanks for the replies. I believe the problem will be that i do indeed called the function more than once.

Is it possible for me to undefine and then redefine a constant? or should i just use variables?

Just had a quick google, and it seems i will just have to use variables :D

Might I also point you in the direction of the mysqli functions of PHP.

They make things much nicer :)

OO programming FTW :)

http://uk2.php.net/mysqli

I know i need to start learning OOP, but for now im happy not knowing it :D

I will keep it in mind for when i decide to learn it :D

Thanks again everyone

Link to comment
Share on other sites

  • 0

// Database Connection
function connect_to_db($user = "select")
{
        // Create new connection
        $hostname = "***.***.***.***";
        if($user == "admin")
        {
                echo "blah<br />";
                $username = "ADMIN USERNAME";
                $password = "****";
        }
        elseif($user == "select")
        {
                $username = "twselect";
                $password = "****";
        }
        else
        {
                die("error");
        }
        $database = "trinitywars";

        mysql_connect($hostname, $username, $password) or die ("<p>There has been a fatal Error! The Monkies will fix this ASAP!</p>");    
        mysql_select_db($database) or die ("<p>There has been a fatal Error! The Monkies will fix this ASAP!</p>");
}

You should now that in this case you connect to the database every time you call connect_to_db function. It's best to connect only once per every page load.

Link to comment
Share on other sites

  • 0

This will probably be the problem if he calls run_query multiple times.

Thanks for the replies. I believe the problem will be that i do indeed called the function more than once.

BLAM!

Reconnecting every time isn't a great idea, but the mysql extension will reuse existing connections and not open a new one unless you explicitly tell it to do so. In other words, people do this so often they've refactored it to make the impact minimal.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.