This also does not enable me to upload a data file. My resulting SQL statement reads:
LOAD DATA LOCAL '/tmp/phpgPhl51' INTO TABLE test FIELDS TERMINATED BY ',' ENCLOSED BY '"' ESCAPED BY '\\' LINES TERMINATED BY '\r\n' I have also tried: LOAD DATA LOCAL INFILE '/tmp/phpgPhl51' INTO TABLE test FIELDS TERMINATED BY ',' ENCLOSED BY '"' ESCAPED BY '\\' LINES TERMINATED BY '\r\n' My hosting provider claims that I have no choice in this matter because of the security reference you have noted. However I find it hard to believe that this privilege can't be granted on a user by user basis as you would GRANT INSERT, DELETE...and so on. I am also puzzled that I have the ability to perform this task from the phpmyadmin utility provided with my hosting account. Regards, Chris ----- Original Message ----- From: "Egor Egorov" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, December 03, 2002 5:50 AM Subject: re: Security issues with LOAD DATA > Chris, > Tuesday, December 03, 2002, 6:58:39 AM, you wrote: > > CW> I developed a PHP application where users can update a mySQL table using > CW> LOAD DATA. Recently I installed this application on another web server where > CW> the File Permissions have been set such that this method of uploading data > CW> is no longer valid. Since phpMyAdmin is not an option I am trying to find an > CW> alternative or workaround such that users can upload a comma delimited text > CW> file containing the table records. > > If user doesn't have FILE privilege you can use LOAD DATA LOCAL, but > in this case you should enable something: > http://www.mysql.com/doc/en/LOAD_DATA_LOCAL.html > > > > > -- > For technical support contracts, goto https://order.mysql.com/?ref=ensita > This email is sponsored by Ensita.net http://www.ensita.net/ > __ ___ ___ ____ __ > / |/ /_ __/ __/ __ \/ / Egor Egorov > / /|_/ / // /\ \/ /_/ / /__ [EMAIL PROTECTED] > /_/ /_/\_, /___/\___\_\___/ MySQL AB / Ensita.net > <___/ www.mysql.com > > > > > --------------------------------------------------------------------- > Before posting, please check: > http://www.mysql.com/manual.php (the manual) > http://lists.mysql.com/ (the list archive) > > To request this thread, e-mail <[EMAIL PROTECTED]> > To unsubscribe, e-mail <[EMAIL PROTECTED]> > Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php > --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
