Access denied for user 'SYSTEM'@'local

2019-08-20 22:17发布

问题:

I wanted to test a script written for PHP 5.3.5 (installed as Apache module) in PHP 5.2 environment.

I installed a fresh copy of Apache 2.0.64 and PHP 5.2.17 and configured it EXACTLY as I had configured PHP 5.3 before. Except I did copy libmysql.dll into Apache bin directory (PHP 5.3 doesn't have this file anymore).

Both servers are configured by hand (not a XAMPP versions or something) and access the same locally installed mySQL Server 5.5.8. Both servers are running as Windows Server under the system account.

PHP 5.3 works perfectly, PHP 5.2 returns an error:

Warning: mysql_connect() [function.mysql-connect]: Access denied 
for user 'SYSTEM'@'localhost' (using password: NO) in C:\Tools\htdocs\myscript.php on line 33

The SQL-user I am using is hardcoded in PHP code ant it is not SYSTEM@localhost. SYSTEM seems to be a Windows account the Apache is running under. (If I start the Apache from the Administrator account, the message changes to Administrator@localhost.)

The default user (with a name '') was deleted on my SQL-Server. If this empty-user exists, the PHP 5.2 connects to the database successfully, but fails on the database selection (mysql_select_db) because of permissions.

回答1:

If the sql.safe_mode (NOT the PHP safe mode) in on in the php.ini, PHP is always using the script owner to connect to the SQL server and not the user specified in mysql_connect().

I mixed up the property safe_mode and sql.safe_mode during the configuration and it cost me 6 hours!

The answer was found here: http://www.php.net/manual/de/ref.mysql.php#72632



回答2:

The problem is that you're not specifying the proper username and password for mysql_connect. Instead of leaving them blank (and letting PHP use the default user), specify an actual username and password that was added to MySQL using GRANT (or phpMyAdmin, or any other admin client).

Allowing password-less authentication is a huge no-no. Allowing administrator access without a password is just plain horrific. Instead, create limited user accounts for all of your programs. Only use privileged accounts when absolutely necessary...