Confusion as to what db user is actually carrying out queries

PHP
1

Hi, in my php.ini file I have appended the Harry Fuecks mysql session handler script to store sessions in my database. Sorry but I can no longer find an example of this script on the net, I have looked. The script connects to mysql with a user name of ‘sessions_user’ and a password of ‘123’. It connects to the database ‘site_sessions’ and stores php sessions in the table ‘php_sessions’. This is the only table in this particular database. The usernames, passwords and database/tables are just examples. Grants are put on ‘sessions_user’ to only have SELECT, UPDATE, INSERT and DELETE privileges on the ‘site_sessions’ database and none other.

On my regular php files I have an include file that connects to the database and retrieves all the site’s content and articles. The scripts that require database access connect to mysql with a user name of ‘content_user’ and a password of ‘ABC’. They connect to the database ‘site_content’ and access various tables within that database. A link identifier is used when selecting the database. Grants are put on the ‘content_user’ to only have SELECT, UPDATE and INSERT privileges on the ‘site_content’ database and none other.

Now the problem:

When running a query within a regular script this works:


SELECT * FROM tbl_articles

But when I issue the session_start() function on the scripts that require sessions, the above query doesn’t work. I get an error along the lines of " The table ‘tbl_articles’ cannot be found in the database ‘site_sessions’. What the frig? I’m connected to the database ‘site_content’ aren’t I?

If I change ‘FROM tbl_articles’ to 'FROM site_content.tbl_articles’, the query works as per it did when the call to session_start() wasn’t present. What could be going on here? I’m a little concerned that all the scripts with session_Start() in them are connecting to mysql and running queries under the user name ‘session_user’ and ‘123’ instead of ‘content_user’ and ‘ABC’. However if this was the case wouldn’t I be getting errors about that user not having GRANT privileges on the ‘site_content’ database?

I’m a little confused as to what’s up with this. Is there a definitive way of finding out what user is actually carrying out DB queries on those scripts that have a call to session_start()?

2

I think:

You have either mixed up your link identifier variables, or you aren’t using them when needed. For example, mysql_query($session_sql, $session_user_link);
For the mysql related functions that take a link as an argument, it’s usually optional. If you don’t supply a link, php assumes the link of the most recent connection created, or tries to create a connection by using configuration values. Check the docs.

As for why session_user can access site_content.tbl_articles, I think you just don’t have permissions setup correctly. Maybe you have yet to issue a FLUSH PRIVILEGES statement, or they could just be wrong.

Take a look at
http://dev.mysql.com/doc/refman/5.0/en/information-functions.html#function_current-user
Note the difference between CURRENT_USER() and USER(). This might give a hint about your permission problems, but I would correct your use of link identifiers in php first.

3

Thanks for your reply. I can confirm that while outputting the result of CURRENT_USER and USER that my scripts are indeed connected to mysql with the user details that are only supposed to handle my sessions i.e mysql_connect('localhost’, 'sessions_user’, ‘123’) and not mysql_connect(‘localhost’, 'content_user’, ‘ABC’) which is what it’s meant to be. The link identifiers on mysql_select_db are correct for both connections.

I’ve gone ahead and added the link identifier to the end of my queries and it seems to have sorted it all out, but I’m still puzzled as to why mysql_connect('localhost’, 'sessions_user’, ‘123’) is overiding the call to mysql_connect(‘localhost’, 'content_user’, ‘ABC’), as that last connection comes after the connection to the sessions database.