[Phpmyadmin-devel] Create Database
Tom Sommer - dreamcoder.dk
ts at dreamcoder.dk
Fri Jun 4 13:40:10 CEST 2004
Alexander M. Turek wrote:
>>>Okay; however the best way would probably be to just use escaped \_
>>>characters in your GRANT statements, respectively the
>>>privileges tables...
>>
>>Yeah but I have about 2500 databases (with permissions) on
>>several servers which are not created that way (I didn't
>>write the scripts :) )
>>
>>I will adjust the scripts to escape the underscore in the
>>future, and maybe some day make a script which fixes the old GRANTS :)
>
>
> Even if you would hack into phpMyAdmin to disable the database creation
> form, the users would still be able to create databases by submitting a
> CREATE DATABASE query.
I know, trust me, but right now customers are mostly wondering why they
get permission errors, when phpMyAdmin says they can create databases :)
Anyway, I removed the hack (cvs -C main.php) and escaped the GRANT
query, and while $show_grants_dbname now contains string(20)
"`dreamcoder\_dk\_db`" it still shows the Create Database form. I traced
the code down to the the ereg() and it still evals to int(1) which sets
$is_create_priv to TRUE.
It seems to me that $show_grants_dbname should contain quoted quotes:
`dreamcoder\\_dk\\_db` to work properly with ereg()? This should be done
by PMA?
Could someone (knowing the code) just do a quick check?
Dunno if this is my fault, the GRANT query seems to be fine now and I
can't create databases matching the wildcard anymore.
Sorry if this belongs on the users list.
--
Tom Sommer
More information about the Developers
mailing list