在授权查询中通过密码标识,影响不相关的连接

时间:2016-01-16 21:40:13

标签: php mysql grant

在下面的代码中有2个mysql连接,问题是如果来自表单的密码不是123456,则第二个连接会出现连接错误。

现在,来自表单的密码应该与第二个连接无关,因为在第二个连接开始之前创建的新数据库的密码为。第二个连接一起连接到另一个数据库。

但是,如果我使用注释掉的$grantQ查询,则第二个连接正常。这意味着该问题与identified by '{$pass}'查询中的$grantQ有关。

identified by '{$pass}'查询应该只影响已创建的新数据库。为什么它会影响第二个连接连接到的现有数据库?

请帮忙..抱歉很长的总结!

      <?php
        if(isset($_POST['submit'])){
            // SUPER CONNECTION
            $maindb_db = "little_maindb"; 
            $maindb_server = "localhost";
            $maindb_username = "admin@littlesidegym.com"; 
            $maindb_password    =  "123456";//
            $conn = new mysqli($maindb_server, $maindb_username, $maindb_password, $maindb_db);
            if ($conn->connect_error) {
                die($contact_cus_supp);
            }   
            //NAME OF DB FROM POST - CUSTOMER VIEW
            $new_dbname = mysqli_real_escape_string($conn, $_POST['db_name']);
            $new_pass = mysqli_real_escape_string($conn, $_POST['pass']);
            // CREATING DATABASE
            $sql = "CREATE DATABASE IF NOT EXISTS $new_dbname ";
            if (!mysqli_query($conn, $sql)) {
                mysqli_close($conn);
                exit();
            }
            $host = "localhost";
            $user = $_SESSION['sess_email'];
            $flush_pri = "FLUSH PRIVILEGES";
            $pass = $new_pass;
            // GRANT USER PRIVILEGES
            echo $current_project;
            $grantQ = "GRANT ALL PRIVILEGES ON " . $new_dbname . ".* TO '{$user}'@'{$host}' identified by '{$pass}'";
            //$grantQ = "GRANT ALL PRIVILEGES ON " . $new_dbname . ".* TO '{$user}'@'{$host}'";
            if(!mysqli_query($conn,$grantQ)){
                mysqli_close($conn);
                exit();
            }
            if(!mysqli_query($conn,$flush_pri)){
                mysqli_close($conn);
                exit();
            }
            // SUPER CONNECTION CLOSE
            mysqli_close($conn);
            // ALTOGETHER A DIFFERENT CONNECTION
            $secdb_db = "little_userdb"; 
            $secdb_server = "localhost";
            $secdb_username = "user@littlesidegym.com"; 
            $secdb_password =  "123456";//
            $conn = new mysqli($secdb_server, $secdb_username, $secdb_password, $secdb_db);
            if ($conn->connect_error) {
                die($contact_cus_supp);
            }
            echo "HELLO WORLD";
        ?>  

// FORM

 echo '<table>';
        echo '<form action="create_project.php" method="POST" id = "myform" name = "myform" >';
        echo '<tr><th></th></tr><tr><td><input type = "text" value="" name = "db_name" class = "req alphanums" placeholder = "DB Name" ><td></tr>';

        echo '<tr><th></th></tr><tr><td><input type = "password" value="" name = "pass" class = "req" placeholder = "Password" ><td></tr>';

        echo '<tr><th></th></tr><tr><td><div id = "submit"><input type="submit" id = "submit" name = "submit" value = "Create Project"></div><td></tr>';
        echo '</form>';
        echo '</table>';

1 个答案:

答案 0 :(得分:1)

您为新创建的数据库使用相同的用户名并访问little_userdb,因此每次都会更改其密码。

在mysql中,用户名由名称和主机名掩码标识(mysql查找第一个匹配项)。因此,您的代码会更改现有用户的密码,并授予他访问新数据库的权限。