多表查詢 MySQL管理工具 、 使用者授權及撤銷
複製表源表的key鍵值不會被複制到新表(原表是teadb.user)
複製表:
mysql> create table db4.t1 select * from teadb.user;
複製表結構:
mysql> create table db4.t2 select * from teadb.user where 1=2;
多表查詢,也稱為連線查詢
。將2或2個以上的表,按某個條件連線起來,從中選區需要的資料
。當多個表中存在相同意義的欄位(欄位名可以不同)時,可以通過改欄位連線多個表;
方法:1
1.無條件
mysql> select t4.name,t5.name from t4,t5;
+--------+--------+
| name | name |
+--------+--------+
| root | root |
| bin | root |
| daemon | root |
| root | bin |
| bin | bin |
| daemon | bin |
| root | daemon |
| bin | daemon |
| daemon | daemon |
| root | adm |
| bin | adm |
| daemon | adm |
| root | lp |
| bin | lp |
| daemon | lp |
+--------+--------+
15 rows in set (0.00 sec)
方法:2
2.有條件
mysql> select t4.name,t5.name from t4,t5 where t4.name=t5.name and t4.uid=t5.uid;
+--------+--------+
| name | name |
+--------+--------+
| root | root |
| bin | bin |
| daemon | daemon |
+--------+--------+
mysql> select t4.shell,t5.* from t4,t5 where t4.name=t5.name and t4.uid=t5.uid;
+---------------+--------+------+---------+---------+
| shell | name | uid | comment | homedir |
+---------------+--------+------+---------+---------+
| /bin/bash | root | 1 | root | /root |
| /sbin/nologin | bin | 2 | bin | /bin |
| /sbin/nologin | daemon | 3 | daemon | /sbin |
+---------------+--------+------+---------+---------+
where子查詢
同一個表 小於平均值的資料
mysql> update teadb.user set age=19 where id>=10; //先匯入資料
mysql> select name ,age from teadb.user where age < (select avg(age) from teadb.user);
//函式不能直接比大小,需要先出結果
mysql> select name from teadb.user where name in (select name from teadb.user);
連線查詢
兩個有重複的和不重複資料的表,查詢
方法3:左連線
select 欄位名列表 from 表a lift join 表b on 條件表示式;
mysql> select * from t6 left join t7 on t6.uid=t7.uid;
+--------+------+---------------+--------+------+---------------+
| name | uid | shell | name | uid | shell |
+--------+------+---------------+--------+------+---------------+
| root | 1 | /bin/bash | root | 1 | /bin/bash |
| bin | 2 | /sbin/nologin | bin | 2 | /sbin/nologin |
| daemon | 3 | /sbin/nologin | daemon | 3 | /sbin/nologin |
| adm | 4 | /sbin/nologin | adm | 4 | /sbin/nologin |
+--------+------+---------------+--------+------+---------------+
//左表是t6,右表是t7,條件成立時以左表為查詢結果
方法4:右連線
select 欄位名列表 from 表a right join 表b on 條件表示式;
mysql> select t6.name,t6.uid,t7.name,t7.uid from t6 right join t7 on t7.uid = t6.uid;
+--------+------+--------+------+
| name | uid | name | uid |
+--------+------+--------+------+
| root | 1 | root | 1 |
| bin | 2 | bin | 2 |
| daemon | 3 | daemon | 3 |
| adm | 4 | adm | 4 |
| NULL | NULL | lp | 5 |
| NULL | NULL | sync | 6 |
+--------+------+--------+------+
//以t7表為準為右表,把重複的和不重複的都查詢出來(沒有自動填null)
//以哪個表為準就顯示主表的行數
//巢狀查詢耗資源,cup需要處理
程式設計師用的普通帳號,管理員用管理員帳戶
軟體裝在資料庫伺服器上,客戶端通過網頁顯示出來
50服務端 和 客戶端
[[email protected] ~]# yum -y install php php-mysql httpd
[[email protected] ~]# systemctl restart httpd
[[email protected] ~]# systemctl enable httpd
[[email protected] ~]# tar -xf /phpMyAdmin-2.11.11-all-languages.tar.gz -C /var/www/html/
[[email protected] ~]# cd /var/www/html/
[[email protected] html]# ls
phpMyAdmin-2.11.11-all-languages
[[email protected] html]# mv phpMyAdmin-2.11.11-all-languages/ phpmyadmin //再改名
[[email protected] html]# chown -R apache:apache phpmyadmin/
[[email protected] html]# cd phpmyadmin/
[[email protected] phpmyadmin]# cp config.sample.inc.php config.inc.php
[[email protected] phpmyadmin]# vim config.inc.php
17行 $cfg['blowfish_secret'] = 'han'; //‘’裡面一定要加內容
41行 $cfg['Servers'][$i]['host'] = 'localhost'; //‘’寫客戶端的ip地址
本機再訪問
[[email protected] ~]# firefox 192.168.4.50/phpmyadmin
使用者許可權和撤銷
linux作業系統管理員才能改mysql密碼
[[email protected] ~]# mysqladmin -uroot -p password "654321" //新密碼
Enter password: //輸入原來舊密碼
忘記mysql管理員密碼,恢復(需要linux作業系統root使用者)
vim /etc/my.cnf
[mysqld]
secure_file_priv=/mydir //預設資料夾
default-storage_engine=myisam //預設
#validate_password_policy=0 //註釋
#validate_password_length=6 //註釋
skip-grant-tables //跳過密碼授權 //改過密碼後註釋掉,恢復上面的兩個
[[email protected] ~]# systemctl restart mysqld
[[email protected] ~]# mysql
mysql> select host,user,authentication_string from mysql.user;
+---------------------+----------------------+-------------------------------------------------------------------------------------+
| host | user | authentication_string |
+---------------------+---------------------+--------------------------------------------------------------------------------------+
| localhost | root | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
| localhost | mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+---------------------+---------------------+--------------------------------------------------------------------------------------+
mysql> update mysql.user set authentication_string=password("123456")where host="localhost" and user="root";
mysql> flush privileges; //重新整理配置,使密碼生效
再修改my.cnf檔案(看上註釋),重啟mysqld
驗證
[[email protected] ~]# mysql -uroot -p123456
客戶端自己做連線工具,要裝包
本機其他使用者連線,其他客戶端訪問服務端都需要服務端授權
檔案儲存位置:授權庫(儲存在庫mysql裡面)
授權庫mysql,主要的幾個表
user:儲存授權使用者的訪問許可權 //使用者
db:儲存授權使用者對錶的訪問許可權 //庫
tables_priv:儲存授權使用者對錶的訪問許可權 //表
columns_priv:儲存授權使用者對欄位的訪問許可權 //欄位
grant配置授權
基本用法:
grant 許可權列表 on 庫名.表名 to 使用者名稱@'客戶端地址' identified by '密碼' [whit grant option];
允許改使用者為其他使用者授權。
mysql> grant all on *.* to [email protected]"%" identified by "123456" with grant option;
//新建使用者mydba 。對所有庫、表有完全許可權,允許從任何地址訪問,密碼設定為“123456”,允許改使用者為其他使用者授權
檢視許可權(查看錶記錄方式)
。mysql> select * from mysql.user where user="mydba"\G;
。mysql> select host,user from mysql.user;
+-----------+-----------+
| host | user |
+-----------+-----------+
| % | mydba |
| localhost | mysql.sys |
| localhost | root |
+-----------+-----------+
。mysql> show grants for [email protected]"%"; //命令的方式檢視許可權
+---------------------------------------------------------------------------------------------------------------------------+
| Grants for [email protected]% |
+---------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'mydba'@'%' WITH GRANT OPTION |
+---------------------------------------------------------------------------------------------------------------------------+
驗證:[[email protected] ~]# mysql -h192.168.4.50 -umydba -p123456
MySQL [(none)]> select user(); //查詢當前登陸的使用者名稱
+-----------------------------------------+
| user() |
+-----------------------------------------+
+-----------------------------------------+
MySQL [(none)]> select @@hostname; //檢視主機名
+-----------------------+
| @@hostname |
+-----------------------+
| client |
+-----------------------+
MySQL [(none)]> show grants; //檢視自己許可權
+---------------------------------------------------------------------------------------------------------------------------+
| Grants for [email protected]% |
+---------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'mydba'@'%' WITH GRANT OPTION |
+---------------------------------------------------------------------------------------------------------------------------+
MySQL [(none)]> set password=password("123abc");
在客戶端給自己修改密碼
[[email protected] ~]# mysql -h192.168.4.50 -umydba -p123abc
資料庫管理員修改授權使用者的連線密碼
mysql> set password for [email protected]"%"=password("123456"); //資料庫服務端root管理員修改密碼
測試mydba使用者授權許可權:建立新表 對錶記錄的增珊改查許可權 ,和授權許可權(可以建立使用者)
客戶端:mydba使用者建立,
MySQL [(none)]> grant all on gamedb.* to [email protected]"localhost" identified by "123465";
//只能在服務端的本機用test1使用者登陸,只有gamedb庫下的表有許可權
mysql> show grants for [email protected]"localhost"; //檢視使用者的許可權策略
+---------------------------------------------------------------------------------------------------------------------+
| Grants for [email protected] |
+---------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'test1'@'localhost' |
| GRANT ALL PRIVILEGES ON `gamedb`.* TO 'test1'@'localhost' |
+---------------------------------------------------------------------------------------------------------------------+
mysql> show databases;
+---------------------------------------+
| Database |
+---------------------------------------+
| information_schema | //預設的假庫,此使用者沒有許可權看其他的庫
+---------------------------------------+
撤銷mydba的授權許可權
root操作
mysql> show grants for [email protected]"%";
+---------------------------------------------------------------------------------------------------------------------------+
| Grants for [email protected]% |
+---------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'mydba'@'%' WITH GRANT OPTION |
+---------------------------------------------------------------------------------------------------------------------------+
mysql> revoke grant option on *.* from [email protected]"%"; //撤銷授權
mysql> show grants for [email protected]"%";
+---------------------------------------------------------------------------------------+
| Grants for [email protected]% |
+---------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'mydba'@'%' |
+---------------------------------------------------------------------------------------+
mysql> revoke delete,drop on *.* from [email protected]"%"; //撤銷對所有庫的刪除許可權
mysql> revoke all on *.* from [email protected]"%"; //撤銷所有許可權
mysql> show grants for [email protected]"%"\G;
*************************** 1. row ***************************
Grants for [email protected]%: GRANT USAGE ON *.* TO 'mydba'@'%'
mysql> select * from mysql.db where user="test1"\G;
mysql> drop user [email protected]"%"; //刪除使用者
Query OK, 0 rows affected (0.01 sec)
mysql> select name,host from mysql.user;
ERROR 1054 (42S22): Unknown column 'name' in 'field list'
mysql> select user,host from mysql.user;
+---------------------+---------------------+
| user | host |
+---------------------+---------------------+
| mysql.sys | localhost |
| root | localhost |
| test1 | localhost |
+---------------------+---------------------+
案例: ///授權使用者只能建立小於、等於自身使用者的許可權的帳戶,還要保證資料能寫入mysql庫中
mysql> grant all on db3.* to [email protected]"%" identified by "123456" with grant option; //建立使用者需要把資訊登入mysql.* 中,所以要給mysql庫的寫許可權
mysql> grant insert on mysql.* to [email protected]"%"; //root允許admin使用者可以在mysql庫的所有表中寫入
再進客戶端用普通使用者admin登入,方可建立使用者
MySQL [db3]> grant all on db3.* to [email protected]"%" identified by "123456";
撤銷許可權時,庫名的表示方式要和授權時一樣。
忘記加授權可以繼續加:
mysql> grant all on db3.* to [email protected]"%" identified my "123456";
mysql> grant all on db3.* to [email protected]"%" identified by "123456" with grant option;
//加授權