By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,905 Members | 894 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,905 IT Pros & Developers. It's quick & easy.

Create Mysql database?

P: n/a

How do I make PHP create a database for mysql please?
I can see how to make tables and I have read all the documents
I can find but I don't understand how to make the database itself.

All the tutorials I can find seem to bypass the issue by ignoring it?

Am I missunderstanding something?

Thanks
May 11 '07 #1
Share this Question
Share on Google+
15 Replies


P: n/a
On Fri, 11 May 2007 16:42:23 +0000, harvey wrote:
How do I make PHP create a database for mysql please?
query = "create database fred;";
May 11 '07 #2

P: n/a
In article <pa****************************@you.now>, an*****@you.now
says...
On Fri, 11 May 2007 16:42:23 +0000, harvey wrote:
How do I make PHP create a database for mysql please?

query = "create database fred;";
Oh god is it really that simple - this must be my day
for asking dumb questions.

Thanks for not lauging at me... at least not in public !
May 11 '07 #3

P: n/a
On 11 May, 17:52, harvey <harvey....@blueyonzders.comwrote:
In article <pan.2007.05.11.16.45.46.763...@you.now>, anno...@you.now
says...
On Fri, 11 May 2007 16:42:23 +0000, harvey wrote:
How do I make PHP create a database for mysql please?
query = "create database fred;";

Oh god is it really that simple - this must be my day
for asking dumb questions.

Thanks for not lauging at me... at least not in public !
remember though that it's considered good practise not to have php
use root, give php too many permissions and it will only be time
before your hard work comes back to haunt you, instead get use
to creating the db using the mysql command line (or some helpful gui)
and then immediately create a new user which has rights over this
database, and plug that into the php scripts that use that db,
limiting potential for disaster.

May 11 '07 #4

P: n/a
In article <11**********************@y80g2000hsf.googlegroups .com>,
ma********@gmail.com says...
remember though that it's considered good practise not to have php
use root, give php too many permissions and it will only be time
before your hard work comes back to haunt you, instead get use
to creating the db using the mysql command line (or some helpful gui)
and then immediately create a new user which has rights over this
database, and plug that into the php scripts that use that db,
limiting potential for disaster.

hmmm... I can see that this is likely to get very complicated very
quickly.

My difficlty is I am at the learning stage with PHP and mySQL but I'm
doing this to try and automate the procedures for someone who knows even
less than I do. I need it to create the database and tables and
then update the tables for him from forms in his browser -

I can do most of it but the PHP/Mysql is new to me as I said.

I've bought the Samms PHP,MYsql and Apache - All in One book and am
working through it to get this done but it tends to gloss over
or even ignore the really important stuff such as that you just
mentioned. I'm reasonably Linux oriented so most of it makes sense but
where issues don't arise at all I can miss them. (I'm not at all
impressed with most of the books I've seen I must admit but this one did
seem the best)

Do you have any advice for me on using PHP to create the database appart
from not doing it? (I suspect he doesnt have root access on his web site
either so I'm guessing he needs to use his own ISP provided access - he
does have the mySQL admin package but not the skills to use it -)

Is there anything I can do to limit the problems of creating the database
in PHP? I really don't want to try and get him to do anything manually.
Thanks again.
May 11 '07 #5

P: n/a
On May 11, 10:39 am, harvey <harvey....@blueyonzders.comwrote:

Is there anything I can do to limit the problems of creating the database
in PHP? I really don't want to try and get him to do anything manually.

Thanks again.

Many programs have a "database setup" script that asks for the MySQL
root password and then creates the tables and users for the main
program to use later (the db 'user' it creates has limited
functionality so it cannot mess with other databases or create/delete
tables.) It never records the root PW, once the MySQL users and
tables are done it utilizes only the limited accounts it created.
(probably only requiring root PW later for major upgrades)

May 11 '07 #6

P: n/a
Tom

"harvey" <ha********@blueyonzders.comwrote in message
news:MP************************@news-text.blueyonder.co.uk...
In article <pa****************************@you.now>, an*****@you.now
says...
On Fri, 11 May 2007 16:42:23 +0000, harvey wrote:
How do I make PHP create a database for mysql please?
query = "create database fred;";


Oh god is it really that simple - this must be my day
for asking dumb questions.

Thanks for not lauging at me... at least not in public !
If MySQL was already installed, running, and configured in your PHP setup,
then you should be fine. If you see permission errors though, you might need
to check up on the permission settings in your MySQL setup.

If you do need to, I'd check the MySQL documentation
(http://dev.mysql.com/doc/) on "user account management" to make sure your
username and/or network location (IP address, localhost, etc.) are
configured for access.

Tom
--
Newsguy.com
90+ Days Retention
Higher levels of article completion
Broader newsgroups coverage
May 11 '07 #7

P: n/a
On Fri, 11 May 2007 10:16:55 -0700, shimmyshack wrote:
On 11 May, 17:52, harvey <harvey....@blueyonzders.comwrote:
>In article <pan.2007.05.11.16.45.46.763...@you.now>, anno...@you.now
says...
On Fri, 11 May 2007 16:42:23 +0000, harvey wrote:
How do I make PHP create a database for mysql please?
query = "create database fred;";

Oh god is it really that simple - this must be my day
for asking dumb questions.
Just think of PHP as your front end to your SQL server... anything you can
do in standard ANSI SQL you can do with PHP.
>Thanks for not lauging at me... at least not in public !

remember though that it's considered good practise not to have php
use root, give php too many permissions and it will only be time
before your hard work comes back to haunt you, instead get use
to creating the db using the mysql command line (or some helpful gui)
and then immediately create a new user which has rights over this
database, and plug that into the php scripts that use that db,
limiting potential for disaster.
PHP/Apache/mysql/etc should never run as root and never have to. There
should be no correlation between the accounts used by your public apps and
the system accounts on the box.

That's a fine solution unless you're creating databases dynamically...
which is the only reason I can think of to create a DB with a web
application in the first place.

There is a simple solution however. Control the rights of the web app
using your mysql install. I have one user that has read-only access to the
databases for use when doing look-ups, one user that I grant write access
to the databases for operations that need to write to the database and one
with access to create databases.

I set the default user for my connection to the read-only account and have
to purposefully change the account being used if I want to do anything
other than just read.

You can't inject SQL if the account you're using doesn't have rights to
write to the database.

May 11 '07 #8

P: n/a

"harvey" <ha********@blueyonzders.comwrote in message
news:MP************************@news-text.blueyonder.co.uk...
In article <11**********************@y80g2000hsf.googlegroups .com>,
ma********@gmail.com says...
>remember though that it's considered good practise not to have php
use root, give php too many permissions and it will only be time
before your hard work comes back to haunt you, instead get use
to creating the db using the mysql command line (or some helpful gui)
and then immediately create a new user which has rights over this
database, and plug that into the php scripts that use that db,
limiting potential for disaster.


hmmm... I can see that this is likely to get very complicated very
quickly.

My difficlty is I am at the learning stage with PHP and mySQL but I'm
doing this to try and automate the procedures for someone who knows even
less than I do. I need it to create the database and tables and
then update the tables for him from forms in his browser -

I can do most of it but the PHP/Mysql is new to me as I said.

I've bought the Samms PHP,MYsql and Apache - All in One book and am
working through it to get this done but it tends to gloss over
or even ignore the really important stuff such as that you just
mentioned. I'm reasonably Linux oriented so most of it makes sense but
where issues don't arise at all I can miss them. (I'm not at all
impressed with most of the books I've seen I must admit but this one did
seem the best)

Do you have any advice for me on using PHP to create the database appart
from not doing it? (I suspect he doesnt have root access on his web site
either so I'm guessing he needs to use his own ISP provided access - he
does have the mySQL admin package but not the skills to use it -)

Is there anything I can do to limit the problems of creating the database
in PHP? I really don't want to try and get him to do anything manually.
Its actually quite easy. I too haven't done much in it but I'm pretty much
able to do all basic database stuff I need to.

Essentially you first log into the database using a function, create a sql
query string(which is probably going to be the hardest part but it too is
quite simple once you get over the mental block), and then query the
database with another function.

for example, heres a query for my database to check some stuff

$query="DELETE FROM ips WHERE ip='".mysql_real_escape_string($RMADDR,
$ldblink)."';";
$result = queryldb($query, $ldblink);
function logonldb($database)
{
$user="login";
$password="password";

$link = mysql_connect('localhost', $user, $password);
if (!$link) { dberror("Connection Error!"); }

$db_selected = mysql_select_db($database, $link);
if (!$db_selected) { dberror("Database Error!"); }

return $link;
}
and I use loginldb to log into the database and return the link that is used
in the calls. You also have to log out with somethign like
function logoffldb($link)
{
mysql_close($link);
}

the query function is defined as

function queryldb($query, $link)
{

$result = mysql_query($query, $link);
return $result;
}

also, if you are to get a result then you want to convert the query call
into an array using something like the following

if ($result != false) { $row = mysql_fetch_assoc($result); if ($row ==
false) { unset($row);}} else unset($row);
My wrappers are kinda unnecessary but hopefully you can see how basic it is.
Its just a few function calls and a little bit of setup(query string and
result conversion).
Its much easier than I ever expected and was a relief.

Jon
May 11 '07 #9

P: n/a

"Jon Slaughter" <Jo***********@Hotmail.comwrote in message
news:Yx****************@newssvr21.news.prodigy.net ...
>
"harvey" <ha********@blueyonzders.comwrote in message
news:MP************************@news-text.blueyonder.co.uk...
>In article <11**********************@y80g2000hsf.googlegroups .com>,
ma********@gmail.com says...
>>remember though that it's considered good practise not to have php
use root, give php too many permissions and it will only be time
before your hard work comes back to haunt you, instead get use
to creating the db using the mysql command line (or some helpful gui)
and then immediately create a new user which has rights over this
database, and plug that into the php scripts that use that db,
limiting potential for disaster.


hmmm... I can see that this is likely to get very complicated very
quickly.

My difficlty is I am at the learning stage with PHP and mySQL but I'm
doing this to try and automate the procedures for someone who knows even
less than I do. I need it to create the database and tables and
then update the tables for him from forms in his browser -

I can do most of it but the PHP/Mysql is new to me as I said.

I've bought the Samms PHP,MYsql and Apache - All in One book and am
working through it to get this done but it tends to gloss over
or even ignore the really important stuff such as that you just
mentioned. I'm reasonably Linux oriented so most of it makes sense but
where issues don't arise at all I can miss them. (I'm not at all
impressed with most of the books I've seen I must admit but this one did
seem the best)

Do you have any advice for me on using PHP to create the database appart
from not doing it? (I suspect he doesnt have root access on his web site
either so I'm guessing he needs to use his own ISP provided access - he
does have the mySQL admin package but not the skills to use it -)

Is there anything I can do to limit the problems of creating the database
in PHP? I really don't want to try and get him to do anything manually.

Its actually quite easy. I too haven't done much in it but I'm pretty much
able to do all basic database stuff I need to.

Essentially you first log into the database using a function, create a sql
query string(which is probably going to be the hardest part but it too is
quite simple once you get over the mental block), and then query the
database with another function.

for example, heres a query for my database to check some stuff

$query="DELETE FROM ips WHERE ip='".mysql_real_escape_string($RMADDR,
BTW, the mysql_real_escape_string is used any time the data your sticking
into the database might be used for sql injections. This is where they can
mess whith your query to change it to something else and screw up your
database or get its data. I just wrap it around every variable that I use
just incase.
May 11 '07 #10

P: n/a
>I set the default user for my connection to the read-only account and have
>to purposefully change the account being used if I want to do anything
other than just read.

You can't inject SQL if the account you're using doesn't have rights to
write to the database.
There are plenty of people who would love to inject
select * from credit_card_account_list;
even if the account you're using has no rights to write to the database.
May 11 '07 #11

P: n/a
harvey wrote:
How do I make PHP create a database for mysql please?
I can see how to make tables and I have read all the documents
I can find but I don't understand how to make the database itself.

All the tutorials I can find seem to bypass the issue by ignoring it?

Am I missunderstanding something?

Thanks
Harvey,

Other users have given you great advice. The only caution I can add -
many shared hosting providers don't allow you to create databases except
through their control panel.

Of course, if this is your server, that isn't a problem.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
May 12 '07 #12

P: n/a
On Fri, 11 May 2007 23:02:45 +0000, Gordon Burditt wrote:
>>I set the default user for my connection to the read-only account and
have to purposefully change the account being used if I want to do
anything other than just read.

You can't inject SQL if the account you're using doesn't have rights to
write to the database.

There are plenty of people who would love to inject
select * from credit_card_account_list;
even if the account you're using has no rights to write to the database.
Obviously I was speaking of injections to cause data corruption.

Anyone stupid enough to use credit_card_account_list as a table name
deserves to go out of business.

May 15 '07 #13

P: n/a
On May 15, 4:24 pm, Ivan Marsh <anno...@you.nowwrote:
On Fri, 11 May 2007 23:02:45 +0000, Gordon Burditt wrote:
>I set the default user for my connection to the read-only account and
have to purposefully change the account being used if I want to do
anything other than just read.
>You can't inject SQL if the account you're using doesn't have rights to
write to the database.
There are plenty of people who would love to inject
select * from credit_card_account_list;
even if the account you're using has no rights to write to the database.

Obviously I was speaking of injections to cause data corruption.

Anyone stupid enough to use credit_card_account_list as a table name
deserves to go out of business.
one may gather all the data in a database by blind injecting a query
which asks "true or false" questions. Subtle bahavioural changes in
the app (timings of response, etc...) can lead to knowledge of the
result, without the need to receive error messages back through http,
this prevents WAFs, logs and so on from discovering the existence of
the attack until it has successfully obtained all the info from the
database, "is the first letter of the first table in the database
greater than m?" etc.. etc...
this thwarts security by obscurity, such as calling the credit_card
table something like image_data_for_banner_adverts....

May 15 '07 #14

P: n/a
On Tue, 15 May 2007 09:46:52 -0700, shimmyshack wrote:
On May 15, 4:24 pm, Ivan Marsh <anno...@you.nowwrote:
>On Fri, 11 May 2007 23:02:45 +0000, Gordon Burditt wrote:
>>I set the default user for my connection to the read-only account and
have to purposefully change the account being used if I want to do
anything other than just read.
>>You can't inject SQL if the account you're using doesn't have rights
to write to the database.
There are plenty of people who would love to inject
select * from credit_card_account_list;
even if the account you're using has no rights to write to the
database.

Obviously I was speaking of injections to cause data corruption.

Anyone stupid enough to use credit_card_account_list as a table name
deserves to go out of business.

one may gather all the data in a database by blind injecting a query
which asks "true or false" questions. Subtle bahavioural changes in the
app (timings of response, etc...) can lead to knowledge of the result,
without the need to receive error messages back through http, this
prevents WAFs, logs and so on from discovering the existence of the
attack until it has successfully obtained all the info from the
database, "is the first letter of the first table in the database
greater than m?" etc.. etc...
this thwarts security by obscurity, such as calling the credit_card
table something like image_data_for_banner_adverts....
That being true is it not still more difficult to guess something that's
randomly generated or something that has meaning?
May 15 '07 #15

P: n/a
On May 15, 6:51 pm, Ivan Marsh <anno...@you.nowwrote:
On Tue, 15 May 2007 09:46:52 -0700, shimmyshack wrote:
On May 15, 4:24 pm, Ivan Marsh <anno...@you.nowwrote:
On Fri, 11 May 2007 23:02:45 +0000, Gordon Burditt wrote:
I set the default user for my connection to the read-only account and
have to purposefully change the account being used if I want to do
anything other than just read.
>You can't inject SQL if the account you're using doesn't have rights
to write to the database.
There are plenty of people who would love to inject
select * from credit_card_account_list;
even if the account you're using has no rights to write to the
database.
Obviously I was speaking of injections to cause data corruption.
Anyone stupid enough to use credit_card_account_list as a table name
deserves to go out of business.
one may gather all the data in a database by blind injecting a query
which asks "true or false" questions. Subtle bahavioural changes in the
app (timings of response, etc...) can lead to knowledge of the result,
without the need to receive error messages back through http, this
prevents WAFs, logs and so on from discovering the existence of the
attack until it has successfully obtained all the info from the
database, "is the first letter of the first table in the database
greater than m?" etc.. etc...
this thwarts security by obscurity, such as calling the credit_card
table something like image_data_for_banner_adverts....

That being true is it not still more difficult to guess something that's
randomly generated or something that has meaning?
blind injection is mostly a sledge hammer (but I guess could be coded
to be "cleverer"), so it just asks many questions.

May 15 '07 #16

This discussion thread is closed

Replies have been disabled for this discussion.