MySQL connection script

I recently had to change my website passwords after the site was hacked. It has been going along nicely without any changes for some years, and of course I have quite forgotten all the PHP I learned in order to create it and am feeling very foolish.

Those parts of the site which access the MySQL database use a connection script hidden in a private folder of the domain. It’s based on something I found in a PHP/MySQL programming book. Having changed the access password, then obviously I had to change what the script says. So I found my local copy of the site files, changed the password, uploaded the new script and… it doesn’t work and I have no clue why it doesn’t work. This is the script:
[php]

<?php # mysql_connect.php # set logon parameters as constants define ('DB_HOST', 'http://mysql11.streamline.net'); define ('DB_USER', 'avphotoson'); define ('DB_PWD', 'NewPassword'); define ('DB_NAME', 'avphotoson'); # Make the connnection and then select the database. $dbc = @mysql_connect (DB_HOST, DB_USER, DB_PWD) OR die ('Could not connect to MySQL: ' . mysql_error() ); mysql_select_db (DB_NAME) OR die ('Could not select the database: ' . mysql_error() ); ?>[/php]

All I did, I swear, was replace the text of the old password within the single quotes with the new password, shown as ‘NewPassword’ above. The response I get from my browser when trying to retrieve anything from the database is is: “Could not connect to MySQL: Unknown MySQL server host ‘http’ (1)”. The new password is correct, I assure you: it works in phpMyAdmin, using the other details shown above.

Can anyone please give me a clue what might be wrong ? I suppose it’s remotely possible that the script I amended and uploaded was a faulty version, but if so I can’t work out how that might happen or what might be wrong with it. The error message seems to be suggesting that the URL to the database is somehow wrong, but phpMyAdmin doesn’t think so.

Many thanks

Caravelle

Are you sure your DB host is with http? seems very strange.

Also you should change from mysql_* functions to mysqli or PDO, as it stands you will probably be hacked again in no-time.

…and remove the @ from $dbc = @mysql_connect. You dont want to hide the errors. See them, fix them.

I’m hazard a guess the PHP MySQL book you found and used is probably 4-5 years old (if not older), what you should had done is bought a new edition of the book or another php book (I recommend any latest edition PHP books by Larry Ullman).

Anyways, making a connection to mysqli is simple:
[php]// Set your connection string to connect to a database

// The database is the only thing that you will have to setup in MySQL

$mysqli = new mysqli(“localhost”, “root”, “your_password”, “demo_login_system”);

/* check connection */

if (mysqli_connect_errno()) {

printf("Connect failed: %s\n", mysqli_connect_error());

exit();

}[/php]

and so is making a connection to PDO MySQL:
[php]// Create the database connection as a PDO object:

try {

$db_options = array(

	   PDO::ATTR_EMULATE_PREPARES => false                     // important! use actual prepared statements (default: emulate prepared statements)

	   , PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION           // throw exceptions on errors (default: stay silent)

	   , PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC      // fetch associative arrays (default: mixed arrays)

	   ); 		 



$pdo = new PDO('mysql:host=localhost;dbname=demo_login_system;charset=utf8', 'root', 'your_password', $db_options);	

} catch (PDOException $e) { // Report the Error!

$errMsg = "<p>Something is not right, check your php.ini settings or code</p>";

} [/php]

JimL has a nice PDO tutorial here in the tutorial section and I have a mysqli tutorial on my website that I just redid here: http://www.jrpepp.com/displayPage.php?page=191 and a PDO tutorial as well --> Just see my signature below.

Are you sure your DB host is with http? seems very strange.

Why does it seem strange to you? What else would you suggest it might or should be ? How can I check ?
When I changed the password today the site provider gave me various details, including this:

PHPmyadmin control: http://mysql11.streamline.net/phpmyadmin/
Also you should change from mysql_* functions to mysqli or PDO, as it stands you will probably be hacked again in no-time.

Never heard of them, I’ll look into them. I’m fairly sure my site was hacked, like others I know who use the same provider, because our passwords used for FTP etc, somehow got into the hands of the bad boys. Unwanted links were inserted into various files, resulting in “unsafe” warnings from Google.

Caravelle

Try just mysql11.streamline.net without the http://

Thank you all, but can we please start at the beginning?

Thanks to all. Yes the script came from a Larry Ullman book from some years ago. I simply changed the password bit as I explained.

I need to get the site working again, now. It will take me weeks if not months to learn this new stuff, yes I can slowly learn and change, but there must be a reason why the script I quoted above is wrong and does not work - can we look at that please ?

Thanks

Caravelle

Like JimL stated the line : define (‘DB_HOST’, ‘http://mysql11.streamline.net’); is strange. There probably is a correct line that can be found if you log into mysql administration or phpmyadmin for there you should get the connection details or give Kevin Rubio suggestion a shot.

Thanks again, dropping the

http://
fixed the problem.

That just leaves the question of how it got there in the first place ! As I said, the old script has been working for years.

Now to order an up-to-date PHP book (the one I used was current at the time I wrote the code for the site) and find the time to read it and the tutorials mentioned above. I’m of an age now where learning is not so easy, mainly because I forget what I learned 5 minutes ago the slightest interruption breaks my concentration, and there are far too many interruptions. Swimming around in a sea of unfamiliar mnemonics and shorthand just leaves me more confused and I’ve had quite enough of that lately - I’m trying to write programs in FreePascal/Lazarus, having previously used Delphi (but not for 5 years or more). I get there in the end, it just takes time and a lot of slow solving of one little problem after another.

Caravelle

Feel free to give a brutha some Karma. Link is by my name.

Well if the old code is properly sanitized then there should be no problem in the near future, down the road when PHP drops mysql total there might be. Glad you got it to work.

Sponsor our Newsletter | Privacy Policy | Terms of Service