Glob Design Info wrote:
> On 4/21/13 3:27 PM, Stuart Dallas wrote:
>> On 21 Apr 2013, at 20:29, Glob Design Info <info@xxxxxxxxxxxxxx> wrote:
>>
>>> If that is the case then why does logging in with exactly the same
>>> params from a UNIX shell work fine? Command line login supposedly would
>>> be adding the @localhost or @IP_address as well but isn't. Only when I
>>> pass the variables to the script is that happening.
>>
>> What makes you so sure it's not?
>>
>> It is. I promise you it is. You're not seeing it because you're not
>> getting an error logging in. Do it on the command line again, but use a
>> username that doesn't exist and you will see the host it's adding in the
>> error message.
>
> Indeed you are correct:
>
> Last login: Sun Apr 21 15:41:10 on ttys000
> iMac-333:~ glob$ sudo mysql --host=instance43490.db.xeround.com
> --port=8904 --user=fakeuser --password=somepassword
> Password:
> Warning: Using a password on the command line interface can be insecure.
> ERROR 1045 (28000): Access denied for user
> 'fakeuser'@'ip70-162-142-180.ph.ph.cox.net' (using password: YES)
> iMac-333:~ glob$
>
>>> I am doing exactly as you stated:
>>>
>>>> mysql_connect('localhost', $_POST['username'], $_POST['password']);
>>>
>>> Except that I am first storing $_POST['username'] in local $user and
>>> $_POST['password'] in local $pass first and then passing those to
>>> mysql_connect. And I am connecting to a remote server, not localhost.
>>
>> Side note: why are you putting them in other variables first when you're
>> only going to use them in that one place? It's a waste of memory. It's a
>> minor niggle but it's a pet hate of mine.
>
> I am using them in other places - printing them on the response page to
> see their values/show the user who logged in, etc.
>
>>> I have already documented both the exact HTML and PHP code in this
>>> thread and so see no need to post it elsewhere.
>>
>> And you're saying that when, instead of using $_POST variables you
>> hard-code the username and password in the script it work? I doubt it.
>
> I can assure you it does. However, I may have found the problem: the
> port. As a security measure the BaaS provider appears to have changed
> MySQL to a non-standard port. So............
>
> On the command line:
>
> sudo mysql --host=instance43490.db.xeround.com --port=8904
> --user=<realuser> --password=<realpass>
>
> WORKS perfectly - entering the MySQL Monitor.
>
> However, on the same host, same command line:
>
> sudo mysql --host=instance43490.db.xeround.com:8904 --user=<realuser>
> --password=<realpass>
>
> Does NOT work - returning an error that the host is not found.
>
> So it appears to be the port, which begs the obvious question: is there
> a way to tell mysql_connect() to use a different port?
Yes - please see the documentation page for mysql_connect, in particular the
"Server parameters" part.
<SNIP>
I assume you have taken notice of the warnings in the documentation about
deprecation of the mysql_ functions in favour of mysqli_ or PDO.
--
Cheers
David Robley
Multitasking: Reading in the bathroom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
