SQL connection

<p>I am writing a social network using notepad++, and have thus far used AJAX, CSS, HTML, JS, SQL, and PHP. In this question, only the last two are important. I am inserting the user information into the database using insert.php, the action page of register.php, an included portion of logi.php, the login page, which you are redirected to by index.php in the event that you did not try to log in and you have no login session cookies; the login page takes you back to index.php (the action of logi.php), which validates your username and password against the user database and the administrator log in information.<br>

**The trouble is that I get the following:<br /><br />Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'a8994846_112358'@'10.1.1.30' (using password: YES) in /home/a8994846/public_html/insert.php on line 37<br /><br />Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/a8994846/public_html/insert.php on line 39<br /><br />Access denied for user 'a8994846_112358'@'10.1.1.30' (using password: YES)<br>

When I submit the data to the following:<br>

<?php<br />if ( $_REQUEST['sname'] )<br /> {<br /> session_name($_REQUEST['sname']);<br /> }<br />else<br /> {<br /> session_name('loginfo');<br /> }<br />session_start();<br />echo ' <html><head><title>Sending. .</title>';<br /> <br /> $un1 = $_POST["userN"] ;<br /> $pw1 = $_POST["pasWd"] ;<br /> $pc1 = $_POST["cPasWd"] ;<br /> $fN1 = $_POST["fName"] ;<br /> $lN1 = $_POST["lName"] ;<br /> $fulN1 = '$fN1'.'$lN1' ;<br /> $bD1 = $_POST["DOB"] ;<br /> <br /> $un = md5($un1) ;<br /> $pw = md5($pw1) ;<br /> $cp = md5($pc1) ;<br /> $fulN = md5($fulN1) ;<br /> $bD = md5($bD1) ;<br /> $txt = '../'.$fn1 ;<br /> $mtxt = '../m'.$fn1;<br /> <br /> if ($pw == $cp)<br /> {<br /> $mysql_host = "mysql8.000webhost.com";<br /> $mysql_database = "a8994846_Users";<br /> $mysql_user = "a8994846_112358";<br /> $mysql_password = "1123581321_sql";<br /> <br /> //Connect to MySQL Server<br /> $con = mysql_connect($mysql_host, $mysql_user, $mysql_password);<br /> //Select Database<br /> mysql_select_db($mysql_database,$con) or die(mysql_error());<br /><br /> $sql="INSERT INTO Personal (Username, Password, FullName, Age, Text, mText)<br /> VALUES ('$un','$pw','$fulN','$bD','$txt','$mtxt')";<br /><br /> if (!mysql_query($sql,$con))<br /> {<br /> die('Please Restart Process. Error: ' . mysql_error());<br /> }<br /> <br /> mysql_close($con);<br /> <br /> header( 'Location: http://TheSN.host22.com/' );<br /> }<br /> <br /> else<br /> {<br /> header( 'Location: http://TheSN.host22.com/register2.php' );<br /> }<br /><br />echo ' </head></html>';<br />?></p>

<p>When I ping that server address (mysql8.000webhost.com), I'm getting back 10.1.1.108 (which is obviously an internal IP address at your hosting company, where that MySQL instance lives). But your error message suggests that you are working with credentials at '10.1.1.30' - so it's a little hard to tell what's going on there, but that's somethingn to explore.<br /><br />Do you know that your credentials are good, on that database server? Have you already connected to it and done things like created tables, indexes, etc? If so, on what IP address are you connecting, using what tools, and is it with the same credentials?<br /><br />Lastly: you might want to obfuscate your credentials in a thread like this: you've just put up a giant red flag begging for someone to try a month-long script kiddy attack on your content, hoping to use those credentials to bust into your server/database. Have those changed before you proceed, and then hide them during future correspondence, truly.</p>

<p>The credentials were provided by 000webhost when I created the database, as to my specifications, in the form of php variables, which I saved to a .txt file, and now copy and paste into the top of any page that involves SQL.<br /> So unless something changed serverside that was asynchronous to the data being sent to the client side (and thus I was unaware of), they are accurate.</p>

<p>Those are the credentials to a different database which I have created for the purpose of questions like this, containing the same content as the real database. (as I can have a GB of tables per database, and I can just use a different table). There is probably nobody here as paranoid about internet security as me.</p>

<p>I don't know how to connect to the database except with a PHP - SQL script, so no to that.</p>

<p>All addresses, however are accurate.</p>

<p>Peter,<br>

Have you set up the MySQL user accounts properly to connect from the host IP address? This is a quirk about MySQL, which (at least) I only understood recently: user accounts can be tied to a client IP or domain name, and will only authenticate properly if they connect from that domain. See <a href="http://dev.mysql.com/doc/refman/5.1/en/adding-users.html">http://dev.mysql.com/doc/refman/5.1/en/adding-users.html</a> <br>

Hope this helps.<br>

Scott</p>

<p>Scott's probably on the money, here. MySQL has per-host security (if you want it to). The people running the database server may need to allow that account to connect from an unexpected address.</p>

<p>The website and the database are both provided by 000webhost. The domain whose cred's I provided and which I operate the site off of were created from the site hosting *account*, on 000webhost, and for a 000webhost-owned domain; I would assume that they have tied it to the domain that I am using. Is that safe to assume?<br>

Also, I have a file freg.htm, which has a form whose action is freg.php. Freg means FirstRegister, and the php is identical to this, except that it has a section to create a table. Should I upload that to the host and use it (not linked to or from any other pages) and then just delete it from the host afterward, keep it on there, or something else (i.e. request instruction or a link thereto on the manual creation of datatables)?</p>

<p>I would assume that they have tied it to the domain that I am using. Is that safe to assume?</p>

<p>Not necessarily. It all depends on how they have things set up. They may govern access (as mentioned above) by the IP address of the internal server that's running MySQL and/or running the PHP code that's trying to talk to it. Your public-facing domain name will have nothing to do with this whatsoever. This is all behind-the-scenes server-to-server communication on non-routable (internal to the hosting company) IP addresses.<br /><br />As for the script that makes tables ... how often will you need to make the same table(s)? Doesn't hte hosting company provide you a dashboard or control panel type interface that allows you to manage the tables in your database directly? I would imagine that the PHP scripts you run on your site (like form handlers) would add <em>records</em> to a table, not tables to the database.</p>

<p>I looked into it, and:</p>

<blockquote>

<p>So unless something changed serverside that was asynchronous to the data being sent to the client side (and thus I was unaware of)</p>

</blockquote>

<p>It said it created databases; it gave me cred's, but my account registers no databases having been created.</p>

<p>So can you, or can't you, use the hosting provider's management tools to interact with the tables in the database you're trying to get your code to talk to? That's a good test.</p>

<p>Yes, I can access and edit SQL databases and tables from the hosting site, and yes, it is auto-tied to the website I use.</p>

<p>So, that means you've got it working, now? Or are you trying to connect to it from a <em>different</em> site, and that's why your account within the database server isn't allowing your code (running elsewhere) to work? It's still not very clear, here, what you've got running where.</p>

<p>I basically have everything cleared up, but when I try to save the databases with no values in the rows, it says "That is not a number." Do I do something to the default value, or what? (this is my first SQL project)</p>

<p>I presume you mean "save <em>to</em> the database," as in, writing a new record to an existing table?<br /><br />If you've got a table set up, and the fields in that table have defined type (say, a field that's set to store large integer values, like "1234567" etc), and you have that integer field defined as NOT allowing null values, then sure ... the database server is going to complain when you try to create a new row in the table while breaking the rule you established. If (through your table design) you've set up the rule that says a given field has to have a value in it (and, in the case of an integer field, that has to be a number), and you try to create a new row in the table without such a value provided, then you're going to get exactly the error that you've told the system to give you.<br /><br />If you change your own rules, and allow the field to tolerate null values, then it won't complain when you leave it empty. But it will complain if you try to record a non-numeric string of characters or binary data etc in a field set up just for, say, double-precision numbers. You're completely in charge of what the table will and won't like, but you have to follow your own rules when you write to the table, or you'll throw errors.</p>