<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <title>Introduction</title> </head> <body><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="book.mysqlnd-uh.html">mysqlnd_uh</a></div> <div class="next" style="text-align: right; float: right;"><a href="mysqlnd-uh.quickstart.html">Quickstart and Examples</a></div> <div class="up"><a href="book.mysqlnd-uh.html">mysqlnd_uh</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div><hr /><div id="intro.mysqlnd-uh" class="preface"> <h1 class="title">Introduction</h1> <p class="para"> The mysqlnd user handler plugin (<em>mysqlnd_uh</em>) allows users to set hooks for most internal calls of the MySQL native driver for PHP (<em><a href="book.mysqlnd.html" class="link">mysqlnd</a></em>). Mysqlnd and its plugins, including PECL/mysqlnd_uh, operate on a layer beneath the PHP MySQL extensions. A mysqlnd plugin can be considered as a proxy between the PHP MySQL extensions and the MySQL server as part of the PHP executable on the client-side. Because the plugins operates on their own layer below the PHP MySQL extensions, they can monitor and change application actions without requiring application changes. If the PHP MySQL extensions (<a href="ref.mysqli.html" class="link">mysqli</a>, <a href="ref.mysql.html" class="link">mysql</a>, <a href="ref.pdo-mysql.html" class="link">PDO_MYSQL</a>) are compiled to use <em>mysqlnd</em> this can be used for: <ul class="itemizedlist"> <li class="listitem"> <p class="para"> Monitoring </p> <p class="para"> <ul class="itemizedlist"> <li class="listitem"> <p class="para"> Queries executed by any of the PHP MySQL extensions </p> </li> <li class="listitem"> <p class="para"> Prepared statements executing by any of the PHP MySQL extensions </p> </li> </ul> </p> </li> <li class="listitem"> <p class="para"> Auditing </p> <p class="para"> <ul class="itemizedlist"> <li class="listitem"> <p class="para"> Detection of database usage </p> </li> <li class="listitem"> <p class="para"> SQL injection protection using black and white lists </p> </li> </ul> </p> </li> <li class="listitem"> <p class="para"> Assorted </p> <p class="para"> <ul class="itemizedlist"> <li class="listitem"> <p class="para"> Load Balancing connections </p> </li> </ul> </p> </li> </ul> </p> <p class="para"> The MySQL native driver for PHP (<a href="book.mysqlnd.html" class="link">mysqlnd</a>) features an internal plugin C API. C plugins, such as the mysqlnd user handler plugin, can extend the functionality of <a href="book.mysqlnd.html" class="link">mysqlnd</a>. PECL/mysqlnd_uh makes parts of the internal plugin C API available to the PHP user for plugin development with PHP. </p> <blockquote class="note"><p><strong class="note">Note</strong>: <strong>Status</strong><br /> <p class="para"> The mysqlnd user handler plugin is in alpha status. Take appropriate care before using it in production environments. </p> </p></blockquote> <div class="section" id="mysqlnd-uh.security"> <h2 class="title">Security considerations</h2> <p class="para"> PECL/mysqlnd_uh gives users access to MySQL user names, MySQL password used by any of the PHP MySQL extensions to connect to MySQL. It allows monitoring of all queries and prepared statements exposing the statement string to the user. Therefore, the extension should be installed with care. The <em>PHP_INI_SYSTEM</em> configuration setting <em><a href="mysqlnd-uh.configuration.html#ini.mysqlnd-uh.enable" class="link">mysqlnd_uh.enable</a></em> can be used to prevent users from hooking mysqlnd calls. </p> <p class="para"> Code obfuscators and similar technologies are not suitable to prevent monitoring of mysqlnd library activities if PECL/mysqlnd_uh is made available and the user can install a proxy, for example, using <a href="ini.core.html#ini.auto-prepend-file" class="link">auto_prepend_file</a>. </p> </div> <div class="section" id="mysqlnd-uh.docs-note"> <h2 class="title">Documentation note</h2> <p class="para"> Many of the mysqlnd_uh functions are briefly described because the <a href="ref.mysqli.html" class="link">mysqli</a> extension is a thin abstraction layer on top of the MySQL C API that the <em>mysqlnd</em> library provides. Therefore, the corresponding <a href="ref.mysqli.html" class="link">mysqli</a> documentation (along with the MySQL reference manual) can be consulted to receive more information about a particular function. </p> </div> <div class="section" id="mysqlnd-uh.name"> <h2 class="title">On the name</h2> <p class="para"> The shortcut <em>mysqlnd_uh</em> stands for <em>mysqlnd user handler</em>, and has been the name since early development. </p> </div> </div><hr /><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="book.mysqlnd-uh.html">mysqlnd_uh</a></div> <div class="next" style="text-align: right; float: right;"><a href="mysqlnd-uh.quickstart.html">Quickstart and Examples</a></div> <div class="up"><a href="book.mysqlnd-uh.html">mysqlnd_uh</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div></body></html>