PDO 连接从命令行工作,但不是通过 Apache?

2022-01-24 00:00:00 connection php mysql pdo

我有一个非常简单的测试脚本:

I have a very simple test script:

<?php

$DSN = "mysql:host=db.example.edu;port=3306;dbname=search_data";

try {

    $DB = new PDO($DSN, "username", "super-secret-password!");

} catch (PDOException $e) {

    header('Content-Type: text/plain');
    print "Could not connect to database, rawr. :-(";
    exit;

}


$SQL = "SELECT phrase FROM search ORDER BY RAND() LIMIT 10";

foreach($DB->query($SQL) as $row){

    print $row['phrase']."
";

}

?>

当我从命令行执行这个脚本时,它运行良好:

When I execute this script from the command line, it works perfectly:

$ php test.php
corporal punishment
Stretches
voluntary agencies and the resettlement of refugees
music and learning
Nike Tiger Woods Scandal
Hermeneia
PSYCHINFO
anthony bourdain
Black-White Couples and their Social Worlds
colonization, hodge

但是当我通过网络浏览器访问完全相同的脚本时,它会显示:

But when I access the exact same script through my web browser, it says:

Could not connect to database, rawr. :-(

我在错误上尝试了 var_dump,消息是:SQLSTATE[HY000] [2003] Can't connect to MySQL server on 'db.example.edu' (13)".

I've tried var_dump on the error, and the message is: "SQLSTATE[HY000] [2003] Can't connect to MySQL server on 'db.example.edu' (13)".

这令人费解.它是完全相同的脚本在完全相同的服务器上 - 为什么当我从命令行执行它时它可以工作,但当 Apache 执行它时却失败了?

This is puzzling. It's the exact same script on the exact same server -- why does it work when I execute it from the command line, but fail when Apache executes it?

推荐答案

如果这是运行 SELinux(或任何使用 SELinux 的非 Red Hat 衍生产品)的 Red Hat 派生发行版(RHEL、CentOS、Fedora、ScientificLinux),则默认撰写本文时的策略设置是禁止 Apache 与其他服务器或数据库建立外部连接.作为 root,您必须启用以下两个 SELinux 布尔值.使用 -P 选项在重新启动后保留更改.

If this is a Red Hat-derived distribution (RHEL, CentOS, Fedora, ScientificLinux) running SELinux (or any non Red Hat derivative using SELinux), the default policy setting at time of this writing is to prohibit Apache from making external connections to other servers or databases. As root, you must enable the following two SELinux booleans. Use the -P option to persist the change across a reboot.

setsebool -P httpd_can_network_connect=1
setsebool -P httpd_can_network_connect_db=1

请注意,httpd_can_network_connect 可能不是必需的.请先尝试仅开启 httpd_can_network_connect_db.

Note that httpd_can_network_connect may not be necessary. Try it first turning on only httpd_can_network_connect_db.

相关文章