tags:

views:

48

answers:

2
+3  Q: 

what MySQL permissions are required for mysql_real_escape_string()?

what MySQL permissions are required for mysql_real_escape_string()?

i want to create a db user with the minimum abilities specifically for using with mres()...

+4  A: 

It's done on the client side, so the only permission needed is usage (since all you need is a connection, not even read permissions)...

ircmaxell  2010-08-06 12:51:28
The **USAGE** permission stands for "No Privileges" mainly in MySQL.
Knowledge Craving  2010-08-06 13:49:48
Actually no. `Usage` allows you to log in and select the database. You can't do anything else, but you can get access. And since `mysql_real_escape_string` only requires a connection, all you need is access. So yes, `USAGE` is sufficient for `mysql_real_escape_string`. Sure, you can't do anything else, but you can do what the original question was...
ircmaxell  2010-08-06 13:51:45
and nobody wondered why such a question. I wish there was a habit on SO, kind of tradition.. to think at least once per 10 answers...
Col. Shrapnel  2010-08-06 14:45:01
A: 

EDIT, after comments of "ircmaxell":-
You will require the following permissions / privileges to be set:-

  1. INSERT
  2. SELECT
  3. UPDATE
  4. CREATE TEMPORARY TABLES

The above privileges are the minimum ones that should be provided to any user account of each & every database of MySQL.

If administrator wants to create just a basic simple account, where the user will need to view / select the records, then only the "SELECT" permission is just required. No other permissions are needed to be given (as regards to the comment of "ircmaxell").

Hope it helps.

Knowledge Craving  2010-08-06 13:47:51
Never add `ALTER` or `INDEX` permissions for a production account. If you application modifies tables dynamically, you **really** need to rethink the problem... Only administrators (And internal administration applications) should have those two permissions...
ircmaxell  2010-08-06 13:53:18
@ircmaxell - Thanks for the info, I'm changing my answer accordingly.
Knowledge Craving  2010-08-06 14:06:41
@Knowledge Craving: Removed -1... Otherwise that is a good baseline of permissions (depending on need of course. You may want some accounts to only have `SELECT`)...
ircmaxell  2010-08-06 14:13:17

related questions

Remove Quotes and Commas from a String in MySQL
What's the best way of converting a mysql database to a sqlite one?
How do you manage databases in development, test, and production?
Multiple foreign keys?
Add 1 to a field (MySQL)
Issues using MS Access as a front-end to a MySQL database back-end?
Bigger than a char but smaller than a blob
How do I retrieve my MySQL username and password?
Long-time LAMP Developer moving to VB.NET
How do I Concatenate entire result sets in MySQL?
Full complete MySQL database replication? Ideas? What do people do?
SQL: Distribution of table in time
SQLite vs MySQL
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Multiple Updates in MySQL
MySQL/Apache Error in PHP MySQL query
What all do I need to escape when sending a (My)SQL query?
Auto Generate Database Diagram MySQL
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
Python and MySQL
SQL Server 2005 implementation of MySQL REPLACE INTO?
How to export data from SQL Server 2005 to MySQL
Throw Error In MySQL Trigger
Binary Data in MySQL