开发者

PHP: mysql_connect not returning FALSE

I have a form where the user enters their database information and can click a link that uses AJAX to send the credentials to this page. The problem I have is that as long as the开发者_StackOverflowy enter the correct host name the script returns TRUE.

Is there another way to test this so that it will return FALSE if the username and password are not valid?

$h  =   urldecode($_GET['h']);
$u  =   urldecode($_GET['u']);
$p  =   urldecode($_GET['p']);

$con = mysql_connect($h, $u, $p);

if(!$con){
    echo 'Could not connect';
}

else{
    echo 'Connected';
}

Solved!

For future reference, the issue was that there where entries in the mysql user table for user = "Any". I removed those users and the script worked as expected. I updated this post to include a screen shot for anyone having similar problems. Thanks to Fabio below for the suggestion!

PHP: mysql_connect not returning FALSE


That's because mysql_connect uses some defaults when connecting which should be root for the username and the blank string for the password if I correctly remember it. Alternatively could be the username under which the webserver runs.

This could means that your db server accepts passwordless root connections (from the webserver machine), which is pretty dangerous. You should review your database configuration and user list.

From a security point of view your code is not very safe, db credentials are transmitted in cleartext, and as a rule of thumb db credentials should not be entered by end users (unless you're writing a PhpMyAdmin like tool).

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜