adding users to mysql db

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

i maded this to add users to mysql


use DBI;

my $server = 'localhost';
my $db     = 'mysql';
my $user   = 'root';
my $passwd = shift;
my $new_user_db = shift;
my $new_user    = shift;
my $new_user_pw = shift;

my $dbh = DBI->connect( "dbi:mysql:$db:$server", $user, $passwd );

my $grant_local = <<SQL;
grant 
      select
    , insert
    , update
    , delete
    , create
    , drop 
on ${new_user_db}.*
to '$new_user'\@'localhost'
identified by '$new_user_pw'
SQL

my $grant_anyhost = <<SQL;
grant 
      select
    , insert
    , update
    , delete
    , create
    , drop 
on ${new_user_db}.*
to '$new_user'\@'%'
identified by '$new_user_pw'
SQL

for my $cmd ( ($grant_local, $grant_anyhost) ) {
    my $sth   = $dbh->prepare( $cmd );
    $sth->execute();
    $sth->finish();
}

$dbh->disconnect();
[download]

if you see way to made it better please post reeply

Comment on adding users to mysql db Download Code

Replies are listed 'Best First'.
Re: adding users to mysql db by Your Mother (Archbishop) on Jul 28, 2004 at 01:15 UTC
It's got some pretty serious security problems. It's taking the root db password on the command line so it could end up snooped or in a publically viewable history file. You also aren't DB quoting the variables you're feeding to SQL which can be pretty dangerous. (Lots more and a stab at a redo of the code below.) Read more... (3 kB)	[reply] [d/l] [select]