LOAD DATA 默认读的是服务器上的文件,但是加上LOCAL参数后,就可以将本地具有访问权限的文件加载到数据库中。这在带来方便的同时。也带来了以下安全问题:


2、在WEB环境中,客户从WEB服务器连接,用户可以使用LOAD DATA LOCAL语句来读取WEB服务器进程有读访问权限的任何文件(假定用户可以运行SQL服务器的任何命令)。在这种环境中,MySQL服务器的客户实际上是WEB服务器,而不是连接WEB服务器的用户运行的程序。


1、  可以用--local-infile=0选项启动mysqld从服务器端禁用所有LOAD DATA LOCAL命令。即是在/etc/my.cnf的[mysqld]下面添加local-infile=0选项。

2、  对于mysql命令行的客户端,可以通指定--local-infile[=1]选项启用LOAD DATA LOCAL命令,或通过--local-infile=0选项禁用。
类似地,对于mysqlimport,--local or -L选项启用本地数据库文件装载。在任何情况下,成功进行本地装载需要服务器启有相关选项。




# The MySQL server


port            = 3306

socket          = /tmp/mysql.sock


key_buffer = 16M

max_allowed_packet = 1M

table_cache = 64

sort_buffer_size = 512K

net_buffer_length = 8K

read_buffer_size = 256K

read_rnd_buffer_size = 512K

myisam_sort_buffer_size = 8M

local-infile=0    (增加此选项)



/etc/init.d/mysql restart


尝试用—user=root 连接

[root@localhost ~]# /home/mysql/bin/mysql--user=root --password --host=localhost

Enter password:

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 2

Server version: 5.0.45-logMySQL Community Server (GPL)


Type 'help;' or '\h' for help. Type '\c' toclear the buffer.


mysql> show databases;


| Database          |


| information_schema |

| confluence         |

| mysql              |

| test               |

| test01             |


5 rows in set (0.00 sec)


mysql> use test01;

Database changed

mysql> select user();


| user()         |


| root@localhost |


1 row in set (0.00 sec)


mysql> select * from role;


| rid | name               |


|   1| anonymous user     |

|   2| authenticated user |


2 rows in set (0.01 sec)


mysql> load data local infile 'test_01.sql' into tablerole fields terminated by ',';

ERROR 1148 (42000): The used command is not allowed with thisMySQL version



# The MySQL server


port            = 3306

socket          = /tmp/mysql.sock


key_buffer = 16M

max_allowed_packet = 1M

table_cache = 64

sort_buffer_size = 512K

net_buffer_length = 8K

read_buffer_size = 256K

read_rnd_buffer_size = 512K

myisam_sort_buffer_size = 8M

local-infile=1    (将此选项改为1)





[root@localhost ~]# /home/mysql/bin/mysql--user=root --password --host=localhost

Enter password:

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 2

Server version: 5.0.45-logMySQL Community Server (GPL)


Type 'help;' or '\h' for help. Type '\c' toclear the buffer.


mysql>use test01;


mysql>select * from role;


|rid | name               |


|   1 | anonymous user     |

|   2 | authenticated user |


2rows in set (0.00 sec)


mysql>load data local infile 'test_01.sql' into table role fields terminated by ',';

QueryOK, 1 row affected (0.00 sec)

Records:1  Deleted: 0  Skipped: 0 Warnings: 0


mysql>select * from role;


|rid | name               |


|   1 | anonymous user     |

|   2 | authenticated user |

|   3 | zhongyh user       |


3rows in set (0.00 sec)





# The MySQL server


port            = 3306

socket          = /tmp/mysql.sock


key_buffer = 16M

max_allowed_packet = 1M

table_cache = 64

sort_buffer_size = 512K

net_buffer_length = 8K

read_buffer_size = 256K

read_rnd_buffer_size = 512K

myisam_sort_buffer_size = 8M

local-infile=1    (将此选项改为1)


[root@localhost ~]# /home/mysql/bin/mysql--user=root --password --host=localhost--local-infile=0

Enter password:

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 3

Server version: 5.0.45-logMySQL Community Server (GPL)


Type 'help;' or '\h' for help. Type '\c' toclear the buffer.


mysql> use test01;

Database changed

mysql> select * from role;


| rid | name               |


|   1| anonymous user     |

|   2| authenticated user |

|   3| zhongyh user       |


3 rows in set (0.00 sec)


mysql> load data local infile'test_02.sql' into table role fields terminated by ',';

ERROR 1148 (42000): The used command is notallowed with this MySQL version
