[Phpmyadmin-devel] Create Database

Tom Sommer - dreamcoder.dk ts at dreamcoder.dk
Fri Jun 4 13:40:10 CEST 2004

Alexander M. Turek wrote:

>>>Okay; however the best way would probably be to just use escaped \_ 
>>>characters in your GRANT statements, respectively the 
>>>privileges tables...
>>Yeah but I have about 2500 databases (with permissions) on 
>>several servers which are not created that way (I didn't 
>>write the scripts :) )
>>I will adjust the scripts to escape the underscore in the 
>>future, and maybe some day make a script which fixes the old GRANTS :)
> Even if you would hack into phpMyAdmin to disable the database creation
> form, the users would still be able to create databases by submitting a

I know, trust me, but right now customers are mostly wondering why they
get permission errors, when phpMyAdmin says they can create databases :)

Anyway, I removed the hack (cvs -C main.php) and escaped the GRANT
query, and while $show_grants_dbname now contains string(20)
"`dreamcoder\_dk\_db`" it still shows the Create Database form. I traced
the code down to the the ereg() and it still evals to int(1) which sets
$is_create_priv to TRUE.
It seems to me that $show_grants_dbname should contain quoted quotes:
`dreamcoder\\_dk\\_db` to work properly with ereg()? This should be done 
by PMA?
Could someone (knowing the code) just do a quick check?

Dunno if this is my fault, the GRANT query seems to be fine now and I
can't create databases matching the wildcard anymore.

Sorry if this belongs on the users list.

Tom Sommer

More information about the Developers mailing list