How to enable schema permissions?

[JamesT.A.]

Hi, all. I'm a total SQL newbie, but I managed to successfully install/create a database and table for a "comments" page on my site using the scripts from this site: http://is.gd/1uTXd .

Unfortunately, I keep getting a "no database selected" error when I try to access the page online. I know the database IS selected because all the info is correct in the relevant fields in the php pages I uploaded.

I suspect I'm having the same problem as this guy:
http://is.gd/1uTiR

So....how do I go about enabling these "schema permissions? I've clicked on every one of the icons in the Databases section of cPanel and poked around in each of them but can't seem to find where I can enable permissions.

I'm guessing I'll smack myself in the forehead after I get the answer because it's probably an obvious solution, but at the moment I'm .... :dunno:

Thanks in advance!

James

 

[garrettroyce]

use MySQL Databases or Postgre Databases tool in CPanel and use it to add your user to the database with all permissions.

 

[JamesT.A.]

Okay....now THIS is the sort of thing that makes Windows users toss their PCs out a 20th-floor window and run screaming to the nearest Mac dealer.

Why would the cPanel creators not put a "Modify Account" or "Maintenance" button on the MySQL page? Would that make too much SENSE?

I finally clicked on the "Add" button in desperation, figuring I could add another user, give that one all permissions, and delete the original. But as I'm sure you already know, I discovered the permissions area after I clicked "Add".

Unfortunately I must have diagnosed the original problem incorrectly because I'm still getting the "no database selected" error.

Anyway, thanks for the advice, Garrett. If you have any other ideas, I'm wide open to suggestions.

James

 

[misson]

Okay....now THIS is the sort of thing that makes Windows users toss their PCs out a 20th-floor window and run screaming to the nearest Mac dealer.

To be fair, what follows isn't any different on a Mac.

Why would the cPanel creators not put a "Modify Account" or "Maintenance" button on the MySQL page? Would that make too much SENSE?

Or simply change the text labels in the "Add" section to reflect the fact you can modify permissions. That one detail is the worst piece of cPanel's design.

Unfortunately I must have diagnosed the original problem incorrectly because I'm still getting the "no database selected" error.

That's why suspicion isn't a valid diagnostic tool. Mentioning the guess was fine, as you needed advice on how to fix the particular cause, but it made you stop looking for the solution. Your also shouldn't assume that the database is selected; the reason you gave ("all the info is correct in the relevant fields in the php pages") isn't sufficient.

To get more info, check the return result of mysql_select_db. If it's false, print mysql_error() (note: you shouldn't print DB errors in production code. It won't contain any useful information for users, excepting malicious ones).

If you can't get mysql_select_db to work, you can prefix table names with database names, separated by a period:

"SELECT * FROM `${db_name}`.comments WHERE tutorialid='$tutid' ORDER BY date"

Overall, I'm not impressed with the script. It uses "or die()" (2) to print errors, it prints DB errors, it uses the old MySQL driver instead of PDO (finally available on x10) or even mysqli, and (because it doesn't use prepared [2] statements), you must sanitize the tutorial ID you pass to getComments(), but this fact isn't documented. Worse, submitcomment.php doesn't sanitize any input.

 

[JamesT.A.]

To be fair, what follows isn't any different on a Mac.

Yeah, I realized that after I submitted that reply.

But I was rather frustrated at the time — you know, when you get to that "JUST $!#!%&!! WORK!!!" point and you really DO want to toss the machine.

That's why suspicion isn't a valid diagnostic tool. Mentioning the guess was fine, as you needed advice on how to fix the particular cause, but it made you stop looking for the solution.

Yes, an excellent point. But I did dive back into it and it's all working perfectly now, dare I say it, by the grace of God. (I still really don't remember precisely which portion of code I tweaked that finally made it work.)

I just kept poking around online and looking at more possible solutions, copying and pasting snippets of code until finally, at around 2:30 a.m., I uploaded the page for the nth time, reloaded it into the browser, and ... it WORKED.

Today I got into the CSS sections and got the layout to match my site's background and colours. Really happy about that, too.

I made sure I saved AND backed up all those files.

I think it'll probably be all right because the site will not have a huge amount of traffic. It's basically a digital record of a memorial service and family reunion I went to a few weeks ago. Mostly pages of photos taken throughout the day with identifying captions. I wanted the comments page so people could leave their stories and/or memories of the deceased.

Your also shouldn't assume that the database is selected; the reason you gave ("all the info is correct in the relevant fields in the php pages") isn't sufficient.

See, now THAT'S one of those things that drives us non-programmers insane. Cryptic and/or ambiguous error messages that are indecipherable to the average person. In that other guy's case, it WAS selected but gave that error message anyway. In my case, well, who knows at this point. I'm just glad it's working now.

To get more info, check the return result of mysql_select_db. If it's false, print mysql_error() (note: you shouldn't print DB errors in production code. It won't contain any useful information for users, excepting malicious ones).

If you can't get mysql_select_db to work, you can prefix table names with database names, separated by a period:

"SELECT * FROM `${db_name}`.comments WHERE tutorialid='$tutid' ORDER BY date"

Thank you VERY much for those two tidbits. Wish I'd known that yesterday!

Overall, I'm not impressed with the script. It uses "or die()" (2) to print errors, it prints DB errors, it uses the old MySQL driver instead of PDO (finally available on x10) or even mysqli, and (because it doesn't use prepared [2] statements), you must sanitize the tutorial ID you pass to getComments(), but this fact isn't documented. Worse, submitcomment.php doesn't sanitize any input.

Uh, yeah....all Greek (or should I say geek?) to me. No disrespect intended, mind you. I thank God there are people who actually enjoy programming. Makes all this stuff possible for the rest of us.

Thanks for all the resource links. I'm bookmarking them for future reference.

 

[misson]

I think it'll probably be all right because the site will not have a huge amount of traffic. It's basically a digital record of a memorial service and family reunion I went to a few weeks ago. Mostly pages of photos taken throughout the day with identifying captions. I wanted the comments page so people could leave their stories and/or memories of the deceased.

Usability and esthetics may not be important in this case, but you need to consider security. You never know when a vandal will target you.

Uh, yeah....all Greek (or should I say geek?) to me.

Basically, the script uses outdated techniques. They open up your script to SQL injection. Securiteam has a very informative write-up on SQL injection, but xkcd demonstrates the problem best. The modern fix is to use prepared statements.

 

[JamesT.A.]

Usability and esthetics may not be important in this case, but you need to consider security. You never know when a vandal will target you.

Oh, wonderful; one more thing I need to worry about --- stupid psycho hackers!

Basically, the script uses outdated techniques. They open up your script to SQL injection. Securiteam has a very informative write-up on SQL injection, but xkcd demonstrates the problem best. The modern fix is to use prepared statements.

Very interesting and informative articles (all bookmarked for future reference). Thank you.

I liked that comic strip (who knew programmers had such a good sense of humour?). The irony is that if I'd seen that four days ago, I wouldn't have had a clue what the joke was...

Thanks again for your assistance.