On Wed, Jan 06, 2010 at 08:12:39AM -0600, Peter da Silva wrote:
> On 2010-01-06, at 07:50, Nicholas Clark wrote:
> >So, mysql has an extension of SELECT, "INTO OUTFILE 'file_name'"
> >
> >This is great. Until you use a relative filename for file_name.
> >(For example, their example).
> >
> >At which point *the server* writes the output file into the
> >directory that holds the database itself.
>
> What else do you expect to happen? Of course the server is going to
> write the file (whether absolute or relative). I seem to recall
> looking at "COPY table TO 'filename'" in PostgreSQL and going
> "interesting, but not useful, because the server doesn't have access
> to my local system".

If writing arbitrary files into that directory screws up the proper functioning of the database, I'd *expect* it to refuse to do so. Hence, given that it treats writing a relative file as writing to that directory, and the consequences of writing a file to that directory, I would expect it to refuse to write to relative paths.

> FTFM:
> MySQL: The SELECT ... INTO OUTFILE 'file_name' form of SELECT writes
> the selected rows to a file. The file is created on the server host,
> so you must have the FILE privilege to use this syntax.

Indeed. With no indication of what the current directory is.

Nicholas Clark
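The behaviour discussed in this thread, as an added example that is not part of the original messages: a small Python check that scans SQL statements (for instance, lines pulled from a query log) for `INTO OUTFILE` targets given as relative paths, which per the thread the server writes into the directory that holds the database. It goes slightly beyond the thread by also covering MySQL's `INTO DUMPFILE` form; the function names and sample statements are constructed for illustration.

```python
import re

# SELECT ... INTO OUTFILE 'name' / INTO DUMPFILE "name" (MySQL syntax).
# The path group accepts backslash-escaped characters inside the literal.
_OUTFILE_RE = re.compile(
    r"\bINTO\s+(OUTFILE|DUMPFILE)\s+(['\"])((?:\\.|(?!\2).)*)\2",
    re.IGNORECASE | re.DOTALL,
)


def is_absolute(path):
    """True for Unix absolute, Windows drive-letter, or UNC paths."""
    return bool(re.match(r"^(/|[A-Za-z]:[\\/]|\\\\)", path))


def find_relative_outfiles(statements):
    """Return (statement_index, keyword, path) for every relative target."""
    hits = []
    for i, stmt in enumerate(statements):
        for m in _OUTFILE_RE.finditer(stmt):
            keyword, path = m.group(1).upper(), m.group(3)
            if not is_absolute(path):
                hits.append((i, keyword, path))
    return hits


# Constructed sample statements, not taken from any real log.
SAMPLE = [
    "SELECT a, b INTO OUTFILE 'result.txt' FROM t",
    "SELECT a, b INTO OUTFILE '/tmp/result.txt' FROM t",
    "select * from t into dumpfile \"../dump.bin\"",
    "SELECT id INTO @x FROM t LIMIT 1",
    "SELECT * FROM t INTO OUTFILE 'C:/export/t.csv'",
]

if __name__ == "__main__":
    for idx, keyword, path in find_relative_outfiles(SAMPLE):
        print(f"statement {idx}: INTO {keyword} uses relative path {path!r}")
```
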