#mysql
13 November 2007
Total 28 pages. You are browsing page 4/28.
02:36 <****> vladuz: (GRANT and REVOKE Syntax) : http://dev.mysql.com/doc/mysql/en/grant.html
02:36 <****> kimseong: I already know about different usernames.
02:37 <****> vladuz: you can restrict the database, the type of queries as well
02:37 <****> WHERE ((`thread_id` = '2' AND `reply_to` IS NULL) OR (`thread_id` IS NULL AND `reply_to` = '2')) AND
02:38 <****> ^ @ zaatar
02:38 <****> kimseong: my question is rather simple. Is there a way for someone to modify data to a database different than the one currently selected (selected=php reference)
02:38 <****> unlikely of course possible depending on how the script is written, but I would protect it by making the script check the ip address before allowing access and make up an allowed users with ip address table to reference each time
02:38 <****> hi
02:38 <****> vladuz: yes, unless the priv is restricted, so read the grant to restrict the priv
02:39 <****> vladuz: truncate dbname.tablename
02:40 <****> should I use union statement for 2 tables, or when should do I do?
02:40 <****> :P
02:40 <****> union join the rows
02:40 <****> union combines the rows
02:40 <****> join combines the columns
02:40 <****> yeah, but I want to do that
02:41 <****> It really boils down to how your script is done up, vladuz
02:41 <****> Dauby: if the script accepts an sql statement and executes it as it is, then it is possible to get to any database
02:41 <****> aye
02:42 <****> Dauby: I want to simply allow the user to do any queries, however, only in their database.
02:42 <****> vladuz: restrict using the grant
02:42 <****> vladuz: and let the database server decide whether the user is allowed to access or not
02:43 <****> vladuz: you have to use different user for mysql_connect for this to take effect
02:43 <****> kimseong: I was hoping I wouldn't get to different mysql users.
02:43 <****> you will have to use different users
02:44 <****> vladuz: this is the easiest way, otherwise you have to parse and check the sql statement, a lot more complicated
02:44 <****> kimseong: I know a bit about exploits, and from what I know there isn't a way to have a 100% safe statement.
02:44 <****> There's always something new that's not in the filters.
02:44 <****> I'm trying to add an ip address where root can connect but it keeps failing thanks in advance for any help 'GRANT ... *.* TO 'root'@'192.168.1.100' IDENTIFIED BY '[Password]';
02:44 <****> that's why I mentioned going the extra mile and filtering by IP address.
02:46 <****> Dauby: it's not really a public page. It's a password protected page, however... you know how it is.
02:46 <****> aye true but depends on how far you wanna go to be sure
02:47 <****> if anybody can access it without firewall or apache restriction then it really is a "public" page too though
02:47 <****> Dauby: it's on a server without internet access.
02:48 <****> o internal
02:48 <****> vladuz: still you want to prevent user accessing other user db
02:48 <****> Correct.
02:48 <****> vladuz: multiple mysql user is the easiest way
02:49 <****> agree with kimseong and still even you can restrict it by internal ip if you have static ips or they have their own hostnames
02:49 <****> Except that solution and the server-side statement filter, any other stuff?
02:50 <****> vladuz: learn the grant and you are ready to go
02:50 <****> vladuz: or just install and run phpmyadmin instead of reinventing the wheel
02:51 <****> kimseong: hehe.
02:51 <****> heya
02:54 <****> if they are just running queries and not webpages/reports/etc then why not just use the mysql GUI
02:56 <****> hi to all
02:56 <****> hi
02:57 <****> They are basically running queries like.. SELECT * bla bla... WHERE name LIKE '%john%' AND balance = bla bla
02:57 <****> please I have a query I dunno too much mysql the thing is this query works excellent now I have to modify some things and I am trying and I don't get what I want yet anyone can help me please
02:57 <****> I'm thinking the best thing would be to customize all the possible options in a nice colored page, and disable the custom queries.
02:57 <****> o report like then
02:58 <****> hm i got a serious group by problem :(
02:58 <****> http://rafb.net/p/kn2Hmp68.html
02:58 <****> http://pastebin.sekati.com/?id=Anonymous@9d557-f34a255c-t
02:58 <****> i need the second statement giving back the counts for all folders
02:59 <****> I need to get the start and end time related to the timesheet id
03:04 <****> anyone have an example of USE INDEX FOR JOIN other than the mysql docs?
03:05 <****> Druid, I didn't solve the problem but I think you are having the problem because your statement is in aggregate which eventually group some together
03:08 <****> select field from table inner join table2 use index (field) ?
03:08 <****> er left off the on clauses
03:09 <****> hm
03:09 <****> hm
03:09 <****> http://rafb.net/p/JmiYsz18.html
03:09 <****> i think this is the right way
03:09 <****> just the counts are wrong :D
03:12 <****> http://rafb.net/p/CBOECM15.html
03:13 <****> does auth mean something special in mysql?
03:13 <****> Druid_: Your use of an outer join is incorrect.
03:14 <****> Druid_: That's a little better.
03:14 <****> the last one?
03:14 <****> the last one is correct
03:14 <****> any ideas why this doesn't work? http://cpp.tastethepaste.org/1626
03:15 <****> Druid_: Yes. you can remove the WHERE clause. Move the criteria to the ON clause.
03:15 <****> Druid_: Hold on. You changed the join order.
03:16 <****> Druid_: Have you described your requirements above? I wasn't listening.
03:17 <****> well, best way is i would get all folders
03:17 <****> i want to have the counts of new and read mails in it
03:17 <****> http://rafb.net/p/kn2Hmp68.html
03:18 <****> the first one gives me correctly back all mailfolders
03:22 <****> perfect would be to get for each folder always both mail_status with a count
03:27 <****> druid, have you tried not doin the * and only getting the foldername?
03:27 <****> nope
03:28 <****> Druid_: Especially when using GROUP BY, be very careful what you select.
03:28 <****> SELECT folder.folder_name, .....
03:28 <****> ORDER BY folder.uid_user remove
03:28 <****> Druid_: Stick to just the group by fields and proper aggregates.
03:29 <****> you can always go back and subselect them back in after the counts are right
03:29 <****> Dauby i need folder.folder_name and folder.folder_uid
03:29 <****> right but will that get you the proper count first
03:29 <****> Druid_: Then add folder_uid to the GROUP BY clause.
03:30 <****> the problem is the join
03:30 <****> cause it groups by mail.mail_status, and it can only count existing mails in the mail table
03:30 <****> Druid_: Humor me. Make those changes first. Then we can proceed.
03:30 <****> I would try removing the * just to see
03:31 <****> http://rafb.net/p/UioLK096.html
03:31 <****> Druid_: You'll have problems grouping by a field that can be null.
03:31 <****> i see, gotta find another way
03:32 <****> Druid_: Are you expecting groups with mail.mail_status of null?
03:32 <****> i mean that query now is absolutely correct and does what i want
03:32 <****> i just need to add something that it counts mail.mail_status by 0 and 1
