Page 1 of 1
server side problem?
Posted: Tue Nov 29, 2005 1:02 pm
by bredoteau
Hi,
I've created a webshop that works fine on my offline server and on my online test server.
Now it should run on a commercial server, but it won't work.
1. my php code creates and modifies text files, but changes are not saved. I guess this is a simple rights problem, but how can I solve it - is it a php setting or must the provider himself set the rights?
2. mysql database: There is no phpMyadmin or stuff. How can I set up a database? My code only _uses_ an existing db. In general I know only how to use those sql commands that take effect when you are already connected to a db, but how to send higher mysql commands, like create database or list all existing databases?
3. security: a guy told me to use strong passwords. Which are strong? If I use a pw similar to a php session variable and check its existence in each document, will it be safe?
Kind regards...
Re: server side problem?
Posted: Tue Nov 29, 2005 2:19 pm
by Roja
bredoteau wrote:3. security: a guy told me to use strong passwords. Which are strong?
Passwords containing the word "Muscles".
Yes, I am kidding.
Re: server side problem?
Posted: Tue Nov 29, 2005 2:28 pm
by josh
bredoteau wrote:Hi,
I've created a webshop that works fine on my offline server and on my online test server.
Now it should run on a commercial server, but it won't work.
1. my php code creates and modifies text files, but changes are not saved. I guess this is a simple rights problem, but how can I solve it - is it a php setting or must the provider himself set the rights?
2. mysql database: There is no phpMyadmin or stuff. How can I set up a database? My code only _uses_ an existing db. In general I know only how to use those sql commands that take effect when you are already connected to a db, but how to send higher mysql commands, like create database or list all existing databases?
3. security: a guy told me to use strong passwords. Which are strong? If I use a pw similar to a php session variable and check its existence in each document, will it be safe?
1. Try outputting the error (change error_reporting to E_ALL), the command to change file permissions on linux is chmod
2. you can get phpmyadmin for free, google for it. Mysql is free too, phpmyadmin is just a tool for administering mysql databases. The mysql manual teaches you how to create tables and such, phpmyadmin can also do this for you
3. passwords should be case sensitive, containing both uppercase and lowercase characters, contain symbols like underscores and also contain numbers. Passwords should never be shorter then 6 characters, thats the minimum.
Posted: Tue Nov 29, 2005 2:33 pm
by John Cartwright
In general I know only how to use those sql commands that take effect when you are already connected to a db, but how to send higher mysql commands, like create database or list all existing databases?
You pass the command along like you would any ordinary query
Code: Select all
mysql_query('CREATE TABLE `blah` ... ') or die(mysql_error());
Posted: Wed Nov 30, 2005 3:14 am
by Maugrim_The_Reaper
For the above to work (depending on setup and mysql users) you may need to have credentials connecting to the database set to a User with permissions to create databases. Don't leave it this way though - if possible.
See a lot of stuff about having such Users setup for PHP Applications which I consider a needless security risk - why put plain text credentials in a PHP file for a User capable of creating/dropping entire databases when a simple User with read/write only permissions is far far safer...
Re: server side problem?
Posted: Thu Dec 08, 2005 2:46 pm
by bredoteau
1. Try outputting the error (change error_reporting to E_ALL), the command to change file permissions on linux is chmod
OK, but this does not enable php to create NEW files. Modifying existing files works now.
2. you can get phpmyadmin for free, google for it. Mysql is free too, phpmyadmin is just a tool for administering mysql databases. The mysql manual teaches you how to create tables and such, phpmyadmin can also do this for you
I could never get high-leveled messages across to MySQL (like "create database"). Creating or querying tables once I am connected to a db is no problem, so I always used phpmyadmin. I even tried to understand how phpmyadmin does the trick, but I got lost in all those files.
However, I don't think I can install phpmyadmin simply by uploading it with a ftp program, right? But this is the only thing I can do, coz I am not the server myself.
3. passwords should be case sensitive, containing both uppercase and lowercase characters, contain symbols like underscores and also contain numbers. Passwords should never be shorter then 6 characters, thats the minimum.
Thanks!
[/quote]
Posted: Thu Dec 08, 2005 2:50 pm
by bredoteau
Maugrim_The_Reaper wrote:For the above to work (depending on setup and mysql users) you may need to have credentials connecting to the database set to a User with permissions to create databases. Don't leave it this way though - if possible.
See a lot of stuff about having such Users setup for PHP Applications which I consider a needless security risk - why put plain text credentials in a PHP file for a User capable of creating/dropping entire databases when a simple User with read/write only permissions is far far safer...
Thanks, a reasonable comment!
Yes, I'd like to be able to set up the db and then 'kill' the user at least temporally. But heck, if only they would let me set up my db in the first place!
Posted: Thu Dec 08, 2005 2:51 pm
by bredoteau
Jcart wrote:
You pass the command along like you would any ordinary query
Code: Select all
mysql_query('CREATE TABLE `blah` ... ') or die(mysql_error());
As said, creating tables is NO problem. How would you create a database or view all existing dbs?
Posted: Thu Dec 08, 2005 3:58 pm
by John Cartwright
To create a database:
Listing databases:
http://dev.mysql.com/doc/refman/5.1/en/.. gotto love the manual..
Posted: Thu Dec 08, 2005 5:10 pm
by bredoteau
Yeah, but how do I transmit this? Using mysql_query doesn't work.
Posted: Thu Dec 08, 2005 5:17 pm
by John Cartwright
Works for me on mysql 4.1 and php4.3.something on apache 1.3