[wp-hackers] Number of rows without returning data - MySQL

Gavin Pearce Gavin.Pearce at 3seven9.com
Wed Mar 30 10:07:46 UTC 2011


Set unique values, then catch the MySQL error returned:

ALTER TABLE `tablename`
ADD CONSTRAINT `somename` UNIQUE (col1, col2)

Gav


-----Original Message-----
From: wp-hackers-bounces at lists.automattic.com
[mailto:wp-hackers-bounces at lists.automattic.com] On Behalf Of Dion Hulse
(dd32)
Sent: 30 March 2011 02:04
To: wp-hackers at lists.automattic.com
Subject: Re: [wp-hackers] Number of rows without returning data - MySQL

Sorry, Somehow skipped the initial offtopic warning.. :)
Second thought might be to look into stored procedures, It appears that
you
can have execute privs without select privs and rely on the SP to run
the
select

On 30 March 2011 11:56, Dion Hulse (dd32) <wordpress at dd32.id.au> wrote:

> depends on what data you're trying to hide.
> From memory priv_select can allow access to specific columns in
tables, so
> allow users.ID, deny everything else.
> However, also from memory, you need priv_select for columns used in
WHERE,
> and that applies to any usage of WHERE, so you'd probably have to
allow
> selecting the email column which might not fit what you're trying to
> achieve.
> It may have also changed in later versions as what I'm thinking of it
old
> info.
>
> Perhaps you'd be better off offering a web-based API which applies the
> security rules you need?
>
> I would like to mention that this is a bit off topic for wp-hackers
> however, and would probably be better suited to a mysql-centered list,
> whilst I'm sure we've got some decent minds who will know this stuff
like
> the back of their hand.. It doesn't change the fact that isn't the
best
> place for it.
>
> On 30 March 2011 11:47, Robert Lusby <nanogwp at gmail.com> wrote:
>
>> Bit of topic sorry, but maybe you can help:
>>
>> Does anyone know how to count the number of rows that would be
returned in
>> a
>> query, without giving the MySQL user SELECT privs?
>>
>> Need to determine if a set email address is already in a database -
if
>> not,
>> add the address.
>>
>> I have the security improved in that, currently, the MySQL user for
this
>> application can only INSERT .. so worse-case sceniro, is a hacker can
add
>> extra user data, but not view or remove any.
>>
>> Now I need to count number of rows returned, but without any data
actually
>> being returned.
>>
>> Is there a command, or permission level I can use to do this? Any
ideas?
>>
>> Thanks in advance.
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>
>
>
_______________________________________________
wp-hackers mailing list
wp-hackers at lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-hackers


More information about the wp-hackers mailing list