0

I am getting crazy. I want to send data to my database on my db-webserver (php 7.2, phpMyAdmin):

$inputdata = mysqli_query($db, "INSERT INTO notice (text, priority, option1) VALUES ('$htext', '$hpriority', '$hoptions1')");

But data do not reach the database on my db-webserver , but everything is fine on my local MAMP - it works, on my localhost i can fill in data.

And I can get the data FROM my db-webserver (older data or manually put in data). So the connection works, too. But my error log on the webserver says:

PHP Warning: mysqli_connect(): (HY000/1045): Access denied for user 'user'@'localhost' (using password: YES) in /xx/xxx/public_html/notice/conn_web_notiz.php on line 3

which is on line 3:

$db = mysqli_connect("localhost", "user", "password", "name-of-database");

On StackOverflow I found some inputs like: cPanel (on my webserver) has problems with special characters for password. So I set a simple one. But: Why can I READ the table's content but not fill in??

And I must say: It worked fine, but all of a sudden it made troubles, which I could solve, but not the data input.

Dharman
  • 30,962
  • 25
  • 85
  • 135
mac-mamp
  • 1
  • 1
  • Can you run this SQL request on your server : 'SHOW GRANTS FOR 'user'@'localhost'; ? – Inazo Oct 06 '20 at 15:55
  • 1
    **Warning:** You are wide open to [SQL Injections](https://stackoverflow.com/a/60496/1839439) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Oct 06 '20 at 16:05

1 Answers1

0

It looks like you are using the same authentication procedure on your webserver that you used in MAMP. This is presenting a conflict.

By nature the

'user'@'localhost'

is used on MAMP because you are running the database locally. When you migrate to the webserver, you'll need to access the webserver not localhost. This prevents cross-site security breaches.

Although it is written kinda weird, you might try something like this blog post to better understand the difference. You should look in the PHPmyAdmin for your webserver to figure out how to handle your credentials.

zpeters
  • 281
  • 1
  • 8
  • I have 2 diff. login files for MAMP and webserver (user is a placeholder for my threat). And: I can READ the content of the database - so I can connect, what means: connection is ok, logins are correct (Mamp has only: root, root....) – mac-mamp Oct 06 '20 at 20:10
  • @Inazo: I set privileges to all for user, but SHOW GRANTS FOR 'user'@'localhost'; says, user has noch privileges. I really do not understand these message. – mac-mamp Oct 07 '20 at 07:53
  • @mac-mamp: the problem is not so much the 'user' portion as it is the 'localhost' portion. 'localhost' works on the development server in MAMP which resides on your local machine. The problem is that when you migrate the account to the webserver, you'll need to replace that 'localhost' bit with a server identity that matches your webserver address. Sometimes that default if '127.0.0.1' and sometimes it is more complex. Did you check out the blog post from my previous comment? – zpeters Feb 23 '21 at 02:24