Alexander M. Turek wrote:
Okay; however the best way would probably be to just use escaped _ characters in your GRANT statements, respectively the privileges tables...
Yeah but I have about 2500 databases (with permissions) on several servers which are not created that way (I didn't write the scripts :) )
I will adjust the scripts to escape the underscore in the future, and maybe some day make a script which fixes the old GRANTS :)
Even if you would hack into phpMyAdmin to disable the database creation form, the users would still be able to create databases by submitting a CREATE DATABASE query.
I know, trust me, but right now customers are mostly wondering why they get permission errors, when phpMyAdmin says they can create databases :)
Anyway, I removed the hack (cvs -C main.php) and escaped the GRANT query, and while $show_grants_dbname now contains string(20) "`dreamcoder_dk_db`" it still shows the Create Database form. I traced the code down to the the ereg() and it still evals to int(1) which sets $is_create_priv to TRUE. It seems to me that $show_grants_dbname should contain quoted quotes: `dreamcoder\_dk\_db` to work properly with ereg()? This should be done by PMA? Could someone (knowing the code) just do a quick check?
Dunno if this is my fault, the GRANT query seems to be fine now and I can't create databases matching the wildcard anymore.
Sorry if this belongs on the users list.