Thanks Geoff, I am aware of the security implications. I will deal with that later. Right now I am just trying to get the WS architecture working. I am logging in with the creds the hosting provider gave me (xeround.com) When I use those creds on the mysql command line, or hard-code them in the script, all works fine. It is only when I pass those values from my HTML form to the script that it fails - which was why I posted the question originally - the authentication works fine, but when entered from a form and passed to the script it fails, which is what is so baffling. I don't understand why mysql_connect should append something in the case of a passed variable but not in the case of a local variable. Unless there is something in the form parsing machinery I am unaware of. And I am trying both from the same host. Thanks, On Apr 21, 2013, at 2:31 AM, Geoff Lane <geoff@xxxxxxxxxxxxx> wrote: > Hi Glob, > > On Sunday, April 21, 2013, 10:46:32 AM, you wrote: > >> That very well may be what is wrong, however, my problem is I don't >> have admin access to this server - it hosted in a BaaS site where >> they do all the admin. They do provide mysql command line access and >> it works, but it won't let me log in as root, not even on the command line. > > Perhaps you can issue the commands of my previous email while logged > in as the user who's credentials they've given to you. That said, I > wouldn't be surprised if they denied you update privs on any of the > tables in the mysql database! > >> Where is the '@'ip70-162-142-180.ph.ph.cox.net' part coming from? I >> have to assume mysql_connect itself is appending that in the call >> since it's not part of the contents of the variable I pass from the form. > > I suspect that it's coming from DNS and that the MySQL instance is > performing a reverse DNS lookup to resolve the IP address of the > connecting host. > >> And if I can't get server root access then that begs the question: >> how do I tell mysql_connect to turn that off and just send the user as-is? > > I don't think that you can. > > However, the hosting company should have given you credentials to use > to log into the database. If your application can log in with those > credentials, I suggest that you rewrite your code to take > responsibility for user verification. For example, you could have your > own user table that gives username and password together with other > user data you need. (BTW, for security, don't store plain-text > passwords in your database, rather store hashes (e.g. MD5) of the > passwords and then use the appropriate function to hash the user input > and compare with the stored hash). > > HTH, > > -- > Geoff Lane > Cornwall, UK > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
