Using mysqldump via PHP system($command, $retval) does not work.

pizzipie · 05-15-2016, 03:57 PM

Including code for two versions of mysqldump.

I run file1 as php -f file1.php and it works just fine.

I run file2 through an AJAX call to file2.php and I get a retval of 2 from the system() call.

I have set permissions on the directory and files to 777 so this shouldn't be a file permission problem.

Appreciate help in fixing this so I can use the file2 version.

Thanks, R

Code:

// =============== file1 ====================


<?php

//Show errors
error_reporting(E_ALL);
ini_set('display_errors', 'On');
ini_set('html_errors', 'On');

$dbhost='localhost';
$dbuser='rick';
$dbpass='rick';
$dbname='pizzidb';

//$dbname=trim($_POST['db']); // call in progress through $.ajax
//$dir=trim($_POST['dir']);

$db='pizzidb';
$dir='/home/rick/DB-Web/pizzidb';

$format="m.d.y_G.i.s"; // month, day, year _ hr, min, sec

$backupFile=$dir. "/".rtrim(strtoupper($db))."_DUMP_". date($format).".sql.gz";

$command = "/usr/bin/mysqldump --opt --add-drop-database --databases -h". $dbhost. " -u". $dbuser. " -p".$dbpass.
" ". $dbname. " | gzip > ". $backupFile;

$bak_result = system($command, $retval);

echo "retval = ".$retval."\n\n";

?>

// =========================== file2 =======================


<?php

//Show errors
error_reporting(E_ALL);
ini_set('display_errors', 'On');
ini_set('html_errors', 'On');

$dbhost='localhost';
$dbuser='rick';
$dbpass='rick';

$dbname=trim($_POST['db']); // call in progress through $.ajax
$dir=trim($_POST['dir']);

$format="m.d.y_G.i.s"; // month, day, year _ hr, min, sec

$backupFile=$dir. "/".rtrim(strtoupper($dbname))."_DUMP_". date($format).".sql.gz";

$command = "/usr/bin/mysqldump --opt --add-drop-database --databases -h". $dbhost. " -u". $dbuser. " -p".$dbpass.
" ". $dbname. " | gzip > ". $backupFile;

$bak_result = system($command, $retval);

if ( $retval != 0) {

echo "bad";
}
else {

echo "File is stored in: ". $backupFile."\n";
}


?>

sundialsvcs · 05-15-2016, 06:29 PM

In my humble opinion, mysqldump is not a tool that should properly be executed by an HTTP web-server in response to an AJAX request.

NevemTeve · 05-16-2016, 03:49 AM

@OP: you could help explicitly showing the difference between the two programs. If it is about '$retval' being zero or not, use var_dump to print its value.

And, indeed, PHP should not be involved in database-dumping; use ssh to login, and some shell to parametrize program mysqldump.

pizzipie · 05-16-2016, 11:43 AM

Thanks,

I'll think about not using PHP for this in the future.

R.

pizzipie · 05-17-2016, 12:33 PM

Found my problem. I had all the files with permission 777 but NOT the directory they were located in. I set the directory to 777 and it now works.

NOW, I've thought about using a bash script (backup.sh) to do this and in the reading I have done, it appears you can't call say, bakup.sh, from html (at least easily). Also I don't really understand why my plan to use PHP to do this is not the thing to do.

I am doing this so I can have a menu with Radio Buttons, 'Backup Database' and 'Restore Database', in my HTML file. This eliminates grubbing around in my files looking for a shell script to backup my data.

In fact this whole security thing is freaking me out. Here are several questions that I hope you will answer.

If my computer is connected to the internet (wifi) and not browsing any particular site is it open to attack?
If I am connected to some particular internet site (wifi) is my computer open to attack?
If my computer is connected to the internet (wifi) but 'hibernating' is it open to attack?

All my use is in regards to my 'Home Database'. However, I am presently encrypting portions of my data in MySql and setting up passwords to access my html database programs.

Appreciate additional help on this.

R

keefaz · 05-17-2016, 04:14 PM

Any connected computer is open to attack, by using GNU/Linux OS you raise the difficulty to do so, by using a firewall you raise security a little more etc...

The problem using mysqldump remotely with php is connection wise I think, how stable is this connection, how secure and how much time php is allowed to keep the connection (max_execution_time)

pizzipie · 05-19-2016, 04:47 PM

Thanks keefaz,

I am running Ubuntu 14.04. The programs and data are contained on my computer. I have LAMP set up and use a virtual host with Apache2. I am in the process of encrypting the data in my MySql databases. The actual dump of my data takes milleseconds.

R

keefaz · 05-19-2016, 08:15 PM

Another security concern is that the javascript is executed on client side so the path to php script will be known, opening access to a ddos atack for example (executing mysqldump many times).