9

I've just downloaded and installed WAMPserver 2.1 and I want to set a password for the MySQL 5.5.8 database. I'm doing a tutorial at lynda.com and the tutor (Kevin Skoglund) instructions to type:

mysql> use mysql
Database changed

mysql> UPDATE user
    -> SET Password = PASSWORD('paSSword')
    -> WHERE user = 'root';

When I hit enter, I get this error about the WHERE statement:

ERROR 1064 (42000): You have an error in your SQL syntax; check the manual
  that corresponds to your MySQL server version for the right syntax to use
  near 'WHERE' user='root'; at line 2

Does anyone know the correct syntax for the WHERE statement? His lessons were done in 2007, so I guess the syntax has changed because it worked for him in the video. This line was returned for him:

Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1  Warnings: 0
mysql>

Thanks

Improve this question
4
  • -1, very bad and insecure code. You should never store passwords like that. Use a secure hash and salt the passwords. Commented Sep 20, 2011 at 16:14
  • that's a bogus password, however, that is exactly how the tutor instructed. he just used different word with a number. Commented Sep 20, 2011 at 16:42
  • Never mind the exact password. You need to use a secure way of storing that info. This way of storing them is rubish. Your tutor needs to be flogged. Commented Sep 20, 2011 at 16:47
  • Wow. His lesson is at lynda.com lynda.com/PHP-tutorials/php-with-mysql-essential-training What is your suggestion. Maybe the lesson are old 2007 way. Commented Sep 20, 2011 at 16:53

5 Answers 5

Reset to default
10

This works on my test server:

mysql> UPDATE user SET password=PASSWORD('newpassword') WHERE user ='root';
mysql> Query OK

You are trying to set Password instead of password (lowercased)

Shai.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Shai, one more step after that is to type at mysql prompt: FLUSH PRIVILEGES; but I am getting this error: "ERROR 1064 (42000): YOu have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FLUSH PRIVILEGES'; at line 1" . but in the video he gets: "Query OK, 0 rows affected (0.00 sec)" How to fix this?
Your syntax seems fine... Did you make sure you have the RELOAD privilege as stated in the manual? dev.mysql.com/doc/refman/5.0/en/flush.html
Thanks, Shai, I was just reading that page. I'm just learning PHP so I'm totally following the tutorial on lynda.com. The instructor has not introduced the RELOAD step yet, he just typed what showed you. I don't know the order of syntax to write and those instructions are not easy to follow. i understand what flush will do, but why i can not use it as the tutor did, is where i fail.
edit not your (Shai) instructions are not easy to follow, but the instructions at the dev.msql.com site are not easy to follow
Shai, i typed FLUSH privileges (lowercase) and it worked: "Query OK, 0 rows affected (0.03 sec)" I guess mySQL 5.5.8 is case sensitive in some cases?
6

I was having the same problem with the same lynda.com tutorial. The solution is:

UPDATE mysql.user SET Password=PASSWORD('cleartext password')
WHERE User='root';
FLUSH PRIVILEGES;
Improve this answer

Comments

2

Login to mysql as root, then

SET PASSWORD FOR 'user-name-here'@'hostname-name-here' = PASSWORD('new-password-here');

For a real scenario

SET PASSWORD FOR 'user_test'@'localhost' = PASSWORD('hello');
Improve this answer

Comments

1

I was having exactly the same problem, the problem was solved as follows:

UPDATE mysql.user SET Password=PASSWORD('YourPassword') WHERE User='root';

NOTE: The problem was that I put <>(angle brackets) instead of () (round brackets) into the program, I know it sounds really dumb, but this is what happened. Because () and <> appear to look the same on command line, I messes them up.

Improve this answer

Comments

-1

This code: 

UPDATE user SET password=PASSWORD('newpassword') WHERE user ='root';

Will compile (for want of a better word), but is very insecure code:

Here's what the MySQL manual says about it:

Note
The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA1() instead. Also see RFC 2195, section 2 (Challenge-Response Authentication Mechanism (CRAM)), for more information about handling passwords and authentication securely in your applications.

If you insist on storing passwords in your database, you should always salt them and use a secure hash.
MD5 and SHA1 are no longer secure. In 2005 (!) Bruce Scheier, a leading expert on this topic said: "It's time for us all to migrate away from SHA-1."
I suggest using SHA2 with a 512 bits hash length. 

$user = mysql_real_escape_string($_POST['user']);
$password1 = mysql_real_escape_string($_POST['password1']);
$password2 = mysql_real_escape_string($_POST['password2']);
$oldpassword = mysql_real_escape_string($_POST['oldpassword']);

if not(empty($password1) and ($password1 == $password2) {
  $update = "UPDATE user 
  SET passhash = SHA2(CONCAT(id,'$password1'),512) 
  WHERE user = '$user' AND passhash = SHA2(CONCAT(id,'$oldpassword'),512)";

This ensures that the user can only change the password when he knows the old password.

The salt needs to be stored in the same row as the password, but does not need to be secret.
Just make sure you prefix it to the password.

Testing the password works like: 

SELECT * FROM user 
WHERE username = 'root' 
  AND passhash = SHA2(CONCAT(id,'passwordexample'),512)
Improve this answer

4 Comments

Johan, thanks very much for such details. I am just learning PHP today, so your code is very unfamiliar to me. I am in lesson 3 "configuring" which comes right after install WAMP. I'm learning through the lynda.com website. I'm a front-end coder. i'm using the mysql console and the prompts don't have the "$" sign. I'm not sure where to write what you have listed. i've asked a question at lynda.com to update the tutorial. It's not free and it seems to be very wrong from your and Shai's expertise.
maybe password for lesson don't have to be very secure? I don't know the lessons are 4 yrs old, thank you for your time and your help
The code is PHP code. You would type as part of your php page.
I know that this is a very old answer, but -1 because it's bafflingly wrong. Should just be deleted really; there's nothing salvageable. It's not like you actually have any choice about how MySQL stores its passwords so admonishing people for using it makes no sense.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.