PDA

View Full Version : Resolved include mysql connections



james438
10-03-2008, 06:48 AM
I can include absolute filenames and relative filenames, but when I include the following file:

<?php
$conn = mysql_connect("mysql", "username", "password") or die(mysql_error());
mysql_select_db("db",$conn) or die(mysql_error());
?>
using
<?php include
'http://www.mysite.com/dbstuff.php';
$topic = "select stuff from admin where ID=0";
$verify = mysql_query($topic, $conn) or die(mysql_error());?> I get the error:
Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/content/m/y/s/mysite/html/test.php on line 4.

If I use
<?php
include 'dbstuff.php';
?> everything works great.

Is this a security feature? I am just surprised that using absolute filenames for other files works just fine. Hmm, maybe I will look into this further. No worries about responding right away to this post. I might be able to figure some more of this puzzle out soon.

BabblingIdjit
10-04-2008, 12:41 AM
If allow_url_fopen is enabled, you can include a file using a URL. If not, only filesystem paths will be accepted.

james438
10-04-2008, 02:17 AM
it is enabled and I can include files by URL, but not when dealing with sql connections like in my example above. thanks for looking into it though.

BabblingIdjit
10-04-2008, 03:25 PM
Are you trying to open a connection to a database on a remote server?

james438
10-10-2008, 07:17 AM
I use godaddy, so I do not really know.

here is my php5.ini file. As far as I can tell there is nothing private in this file so

register_globals = off

allow_url_fopen = on

allow_url_include = on
expose_php = Off

max_input_time = 60

variables_order = "EGPCS"

extension_dir = ./
upload_tmp_dir = /tmp
precision = 12
SMTP = relay-hosting.secureserver.net
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="

[Zend]
zend_extension=/usr/local/zo/ZendExtensionManager.so
zend_extension=/usr/local/zo/4_3/ZendOptimizer.so From what I can tell including database connections will work only if the applications of the database connections are located in the included file as well. Otherwise the database connections will need to be included relatively.

The error I get when including database connections absolutely look like
Warning: mysql_query() [function.mysql-query]: Can't connect to local MySQL server through socket '/usr/local/mysql-5.0/data/mysql.sock' (2) in /home/content/m/y/s/mysite/html/review/addform.php on line 22

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/content/m/y/s/mysite/html/review/addform.php on line 22
Can't connect to local MySQL server through socket '/usr/local/mysql-5.0/data/mysql.sock' (2)

BabblingIdjit
10-10-2008, 04:13 PM
I use godaddy, so I do not really know.
Well, you should know if you are trying to access a MySQL server on your site or on a remote site.

But, that error is the result of trying to include the file using a url. The http wrapper is preventing the mysql connection as this could be a request from a remote site, and thus a security risk.

It should work if you include() the file using a file system path.

james438
10-10-2008, 04:20 PM
Ah, so it is being prevented due to security issues. That is good. Thanks for the info.