Alexander M. Turek wrote:
Okay; however the best way would probably be to just use escaped \_ characters in your GRANT statements, respectively the privileges tables...
Yeah but I have about 2500 databases (with permissions) on several servers which are not created that way (I didn't write the scripts :) )
I will adjust the scripts to escape the underscore in the future, and maybe some day make a script which fixes the old GRANTS :)
Even if you would hack into phpMyAdmin to disable the database creation form, the users would still be able to create databases by submitting a CREATE DATABASE query.
I know, trust me, but right now customers are mostly wondering why they get permission errors, when phpMyAdmin says they can create databases :) Anyway, I removed the hack (cvs -C main.php) and escaped the GRANT query, and while $show_grants_dbname now contains string(20) "`dreamcoder\_dk\_db`" it still shows the Create Database form. I traced the code down to the the ereg() and it still evals to int(1) which sets $is_create_priv to TRUE. It seems to me that $show_grants_dbname should contain quoted quotes: `dreamcoder\\_dk\\_db` to work properly with ereg()? This should be done by PMA? Could someone (knowing the code) just do a quick check? Dunno if this is my fault, the GRANT query seems to be fine now and I can't create databases matching the wildcard anymore. Sorry if this belongs on the users list. -- Tom Sommer