2

所以我试图在我的本地主机上使用 mysql 和 php 以及 html 和 css 建立一个简单的会员站点。我正在使用一个类来尝试保持我的名为 DbConnection 的 php OOP,它具有选择、插入、更新和删除以及连接和断开数据库的方法。我可以毫无问题地建立连接并将用户插入到我的特定表中。我的问题在于授予新创建的用户创建、删除、插入或更新任何数据的权限。我的 grantUserStandardPermissions() 函数中是否存在错误?还是我不允许运行多个查询?

我的数据库:db_test 表:用户、产品、订单、愿望清单

我想将这些用户存储在我的 db_test 中的用户表中。不在我的 mysql.user 表上!

请帮忙!

这是我所拥有的:

我使用此功能连接到数据库:

   /*=================================================================*/
//
// Function creates the connecton to the database   
public function connect(){

    // If there is no connection already in existence
    if(!$this->con){

    // Create the Connection to the database, the object oriented way
     $this->connection = @mysql_connect($this->IP_ADDRESS, $this->DB_USER, $this->DB_PASSWORD, $this->DB_NAME) or die(@mysqli_err());

        // If the connection was successful
        if($this->connection){

            // Connect to the Body Block Database
            $select_database = @mysql_select_db($this->DB_NAME, $this->connection);

            // If the Body Block database was selected
            if($select_database){

                // Connection was successful alert the user
                echo 'Connected to the Database<br/>';

                // Set the Connection to true
                $this->con = true;

                // Return tre
                return true;

            // Else the database was not selected    
            }else{

                // Could not find the database
                echo 'The Database does not Exist<br/>';

                // Return false
                return false;              
            }

        // Else, the connection was unsuccessful    
        }else{

            // Unable to connect, server problem
            echo 'Unable to make a connection.<br/>';

            // Return false
            return false;          
        }
    // There is a connection already    
    }else{

        // Already connected
        echo 'A connection to the database already exists.<br/>';

        // Return true
        return true;         
    }
} // End connect()

然后我用这个功能插入一个用户:

/*=================================================================*/
//
// Function creates a new row with the passed in data
public function insert($table_name, $values, $rows = null){

    // If the table exists
    if($this->tableExists($table_name)){

        // The query statement to run is created
        $this->query = 'INSERT INTO ' .$table_name;

        // If rows where passed in
        if($rows != null){

            // implode the rows array at a comma
            $rows = implode(',', $rows);

            // Append the rows to the query
            $this->query .= ' ('.$rows.')';

        }

            // Loop throught the values we want to insert
            for($i = 0; $i < count($values); $i++){

                // If the values are strings
                if(is_string($values[$i])){

                    // Set the values as strings to insert
                    $values[$i] = '\''.$values[$i].'\'';
                }
            }

            // Implode the values where there is a ,
            $values = implode(',',$values);

            // Create the insert query to run on the database
            $this->query .= 'VALUES ('. $values.')';

            echo "$this->query"."<br/>";

            // Run the query against the database
            $result = mysql_query($this->query);

            // If there is a result
            if($result){

                // Echo the Success
                echo 'Success';

                // Return true
                return true;

            // Else there is no result    
            }else{

                // Return false
                return false;
            }
     // Else the table does not exist   
    }else{

        echo 'Failed to find table!';

        // Return false
        return false;
    }
}// End insert()

然后我尝试使用此功能授予此用户权限:

更新- 我删除了这个功能,并使用我的所有访问管理员创建了用户,然后创建了第二个管理员来处理 CRUD,从而为用户查询我的用户表,尝试执行操作。

 //=============================================================================
// Grant the permissions for the new User
public function grantUserStandardPermissions($username, $password){
    $grantPermission = "GRANT SELECT, INSERT, UPDATE, DELETE ON db_test.* TO ";
    $grantPermission .= $username;
    $grantPermission .= " @'%' IDENTIFIED BY '". $password. "'";

    echo "$grantPermission";

    $result = mysql_query($grantPermission);

    if($result){
        mysql_query("FLUSH PRIVELAGES");
        echo 'ran command';
        return true;
    }else{
        return false;
    }

}
4

1 回答 1

2

当我初始化 MySQL 数据库时,我运行:

SET sql_safe_updates=0;

delete from mysql.user where user = '';
commit;

CREATE SCHEMA `petshop` DEFAULT CHARACTER SET utf8;

CREATE USER `petshop-dml` identified by 'petshop-dml123';

GRANT SELECT ON petshop.* TO `petshop-dml`;
GRANT INSERT ON petshop.* TO `petshop-dml`;
GRANT UPDATE ON petshop.* TO `petshop-dml`;
GRANT DELETE ON petshop.* TO `petshop-dml`;
GRANT EXECUTE ON petshop.* TO `petshop-dml`;

//optionally create your own user, that executes DDLs:
//CREATE USER `petshop-admin` identified by 'petshop-admin123';
//GRANT ALL PRIVILEGES ON *.* TO `petshop-admin`@'%';

根据您的需要调整架构、密码和用户名,并从 PHP Admin 或您喜欢的任何工具执行它:)

然后在您的应用程序中使用创建的用户(在此示例petshop-dml中)来插入、更新、删除、查询。

于 2013-10-16T16:17:27.883 回答