Getting Connected with Firefox and Chrome
Creating database user accounts
When the server software requests information from a database, the software will have to make its request through a MySQL account. We should set this account so that it has only the minimum privileges necessary for the task at hand. That means we limit a user’s read and write authorization to specific tables in the database.
The commands to manage account privileges involve specifying the account or user name, setting a boundary to a limited set of objects that are affected, and setting the privilege itself that describes what degree of access and modification is granted. The minimal, general form of a command to assign a privilege is as follows:
    GRANT priv_type [(column_list)] [, priv_type [(column_list)]] ...
        ON [object_type] {tbl_name | * | *.* | db_name.*}
        TO user [IDENTIFIED BY [PASSWORD] 'password']
            [, user [IDENTIFIED BY [PASSWORD] 'password']] ...
        [REQUIRE
            NONE |
            [{SSL| X509}]
            [CIPHER 'cipher' [AND]]
            [ISSUER 'issuer' [AND]]
            [SUBJECT 'subject']]
        [WITH with_option [with_option] ...]

    object_type = TABLE | FUNCTION | PROCEDURE
The priv_type parameter is one of a fairly substantial number of tokens that define the privilege being granted. The most familiar of these types include SELECT (to select information from tables), INSERT (to insert new rows into tables), UPDATE (to modify table entries), and DELETE (to remove rows from a table).
The object_type parameter sets a boundary on the privilege being granted. The object type can range from * (all tables on all databases), to an entry of the form databaseName.tableName to further qualify the objects to which the GRANT statement applies.
To create a newssearch_guest account that can read any data from the table, you could use the following script file:
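    -- Work in the newssearch database.
    use newssearch;
    -- Create newssearch_guest with read access to the account table only.
    grant select on newssearch.account to newssearch_guest identified by 'nsgst';
    -- Allow updates to the last_session column only.
    grant update (last_session) on account to newssearch_guest;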
Reading this script file (or typing it into the MySQL interpreter) will create a database user account, newssearch_guest, that can SELECT data only from the accounts table. The second statement adds UPDATE privileges to the database account to allow scripts to update the session information in the database. We now have enough information to turn our attention to the PHP script that accesses the database.
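To confirm the account still holds only these privileges, the output of SHOW GRANTS FOR newssearch_guest can be compared against the intended policy. The following check is an added example, not code from the original article: the names POLICY, parse_grant and audit are hypothetical, and the SHOW GRANTS lines (including the '%' host part and the '<hash>' placeholder) are constructed samples in the format the server prints.

```python
import re

# Policy from the article's script: SELECT on newssearch.account plus
# UPDATE restricted to the last_session column. None = any column.
POLICY = {"newssearch.account": {"SELECT": None, "UPDATE": {"last_session"}}}

GRANT_RE = re.compile(
    r"^GRANT (?P<privs>.+?) ON (?:(?:TABLE|FUNCTION|PROCEDURE) )?"
    r"(?P<obj>\S+) TO (?P<rest>.+)$", re.I)

def parse_grant(line):
    """Return (object, {privilege: column set or None}, has_grant_option)."""
    m = GRANT_RE.match(line.strip().rstrip(";"))
    if not m:
        raise ValueError(f"not a GRANT statement: {line!r}")
    privs = {}
    # Split on commas that are not inside a (column_list).
    for part in re.split(r",\s*(?![^()]*\))", m["privs"]):
        name, _, cols = part.partition("(")
        columns = {c.strip(" `") for c in cols.rstrip(") ").split(",")} if cols else None
        privs[name.strip().upper()] = columns
    return m["obj"].replace("`", ""), privs, "WITH GRANT OPTION" in m["rest"].upper()

def audit(grant_lines, policy=POLICY):
    """List every grant that exceeds the policy; an empty list means compliant."""
    findings = []
    for line in grant_lines:
        obj, privs, grant_option = parse_grant(line)
        if grant_option:
            findings.append(f"{obj}: WITH GRANT OPTION")
        for priv, cols in privs.items():
            if priv == "USAGE":          # USAGE means "no privileges"
                continue
            allowed = policy.get(obj, {})
            if priv not in allowed:
                findings.append(f"{obj}: {priv} not in policy")
            elif allowed[priv] is not None and (cols is None or cols - allowed[priv]):
                findings.append(f"{obj}: {priv} wider than columns {sorted(allowed[priv])}")
    return findings

# Constructed SHOW GRANTS output (not captured from a real server).
AS_SCRIPTED = [
    "GRANT USAGE ON *.* TO 'newssearch_guest'@'%' IDENTIFIED BY PASSWORD '<hash>'",
    "GRANT SELECT, UPDATE (last_session) ON `newssearch`.`account` TO 'newssearch_guest'@'%'",
]
DRIFTED = [
    "GRANT SELECT, UPDATE, DELETE ON `newssearch`.`account` TO 'newssearch_guest'@'%' WITH GRANT OPTION",
    "GRANT SELECT ON *.* TO 'newssearch_guest'@'%'",
]
```

audit(AS_SCRIPTED) returns an empty list, while audit(DRIFTED) reports the grant option, the table-wide UPDATE, the DELETE privilege and the global SELECT.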