Hi,
I try do give a mysql user previliges with PHP.
It work to create a new database, but it don't assign previliges to the user.
Here is my code:

<?php
$name = $_POST['user'];
$owner = $_POST['owner'];

if (!empty($name) OR !empty($owner))
{
    $continued = mysql_connect("localhost","root","****");
    if($continued)
    {
        echo "Connection success.<br>";
    }
    else
    {
        echo "Connection failed.<br>";
    }

$db_name = $name;
$db_owner = $owner;
echo "<br>==>DBname: " . $db_name . "<br>";
$make = mysql_query("CREATE DATABASE $db_name");
$sql = "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `$db_owner`.* TO \"$db_owner\"@\"%\";"; 
if($make)
{
    echo "Database $db_name created assigned to user $db_owner.<br>";
}
else
{
    echo "Failure creating $db_name.<br>";
    echo "Reason: " . mysql_error() . "<br>";
}
unset($name);
unset($owner);
}
else
{
    echo "No name given yet.<br>";
}
?>
<html>
<form method="post">
Database name:
<input type="text" name="user" value="">
<br>
User to assign the database to:
<input type="text" name="owner" value="">
<input type="submit" value="Submit">
</form>
</html>

Can someone help me?

    How does it not work?

    Incidentally, it may be better to connect to the server securely and issue such commands directly.

      It don't give these previliges: $sql = "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON $db_owner.* TO \"$db_owner\"@\"&#37;\";";

      I need it because users on my mysql can then create databases themself. I don't need to do it then.

        Oh, but where do you actually execute the SQL statement?

          Oh, but where do you actually execute the SQL statement?

          You probably want to write:

          $sql = "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `$db_owner`.* TO '$db_owner'@'&#37;';";
if ($make && mysql_query($sql))
{

            still doesn't work. I execute it on a local php page. I'm running a apache server

              still doesn't work.

              What did you try? Post the smallest and simplest script that demonstrates the problem. Do not use a form, but rather hard code the test.

                i tried this from you:

                $sql = "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON $db_owner.* TO '$db_owner'@'&#37;';";
                if ($make && mysql_query($sql))
                {

                  Oh, I noticed another problem: you are granting privileges on $db_owner, but the database is named $db_name.

                    No problem 🙂
                    Remember to mark this thread as resolved using the thread tools.

                      Write a Reply...