MySQL 5.7數據庫應用管理實戰（一）

1 修改mysql數據庫的提示符

1.1 臨時修改mysql登陸提示符，session結束後失效

mysql> prompt \u@\h [\d] \r:\m:\s->
PROMPT set to '\u@\h [\d] \r:\m:\s->'
root@localhost [(none)] 09:18:10->\q

1.2 永久修改mysql登陸提示符

在my.cnf配置文件中，[mysql]模塊下添加如下內容（注意，不是[mysqld]）保存後，無需重啓MySQL，退出當前session，重新登陸即可；如果在my.cnf中添加，可以用\，避免轉義帶來的問題

[root@192168066012_MySQL_5_7_27 ~]# vim /etc/my.cnf
[mysql]
prompt=\\u@\\h [\d] \\r:\\m:\\s->

2 在mysql裏使用help

默認情況下，MySQL中的命令是不區分大小寫的；
help <command> #可以查看具體命令的使用方法

root@localhost [(none)] 09:27:28->help show;
Name: 'SHOW'
Description:
SHOW has many forms that provide information about databases, tables,
columns, or status information about the server. This section describes
those following:

SHOW {BINARY | MASTER} LOGS
SHOW BINLOG EVENTS [IN 'log_name'] [FROM pos] [LIMIT [offset,] row_count]
SHOW CHARACTER SET [like_or_where]
SHOW COLLATION [like_or_where]
SHOW [FULL] COLUMNS FROM tbl_name [FROM db_name] [like_or_where]
SHOW CREATE DATABASE db_name
SHOW CREATE EVENT event_name
SHOW CREATE FUNCTION func_name
SHOW CREATE PROCEDURE proc_name
SHOW CREATE TABLE tbl_name
SHOW CREATE TRIGGER trigger_name
SHOW CREATE VIEW view_name
SHOW DATABASES [like_or_where]
SHOW ENGINE engine_name {STATUS | MUTEX}
SHOW [STORAGE] ENGINES
...省略

3 設置及修改MySQL USER密碼

3.1 命令行設置USER密碼方法

#MySQL單實例設置密碼

[root@192168066012_MySQL_5_7_27 ~]# mysqladmin -uroot password "boyu123"

#MySQL多實例設置密碼

[root@192168066012_MySQL_5_7_27 ~]# mysqladmin -uroot password 'boyu123' -S /application/mysql/data/3306/mysql.sock

3.2 命令行修改root密碼方法<此方法常用>

#MySQL單實例修改密碼

[root@192168066012_MySQL_5_7_27 ~]# mysqladmin -uroot -pboyu123 password 'boyu1234'

#MySQL多實例修改密碼

[root@192168066012_MySQL_5_7_27 ~]# mysqladmin -uroot -pboyu123 password 'boyu1234' -S /application/mysql/data/3306/mysql.sock

3.3 sql語句修改方法<此方法很危險>

#修改root密碼爲boyu123

root@localhost [(none)] 09:43:22->update mysql.user set authentication_string=password('boyu123') where user='root';
Query OK, 0 rows affected, 1 warning (0.00 sec)
Rows matched: 1  Changed: 0  Warnings: 1

#重新加載使配置立即生效
root@localhost [(none)] 09:44:33->flush privileges;
Query OK, 0 rows affected (0.00 sec)

提示：
a.必須指定where條件，否則密碼全部被更改，危險！！！
b.必須使用password()函數來加密更改

4 單實例找回丟失的MySQL USER密碼

4.1 首先停止MySQL數據庫

單實例停止MySQL數據庫

[root@192168066012_MySQL_5_7_27 ~]# /etc/init.d/mysqld stop
Shutting down MySQL. SUCCESS!

4.2 使用--skip-grant-tables啓動MySQL數據庫，忽略授權登陸驗證

命令行輸入如下命令
mysqld_safe --skip-grant-tables --user=mysql &
輸入mysql可以直接跳過驗證進入數據庫
mysql
update 更新root密碼
mysqladmin 優雅關閉數據庫
mysql -uroot -pboyu123 就可以登錄數據庫了
提示：在啓動時，加--skip-grant-tables參數，表示忽略授權表驗證

4.3 使用--skip-grant-tables參數操作方法

#跳過授權表驗證
[root@192168066012_MySQL_5_7_27 ~]# mysqld_safe --skip-grant-tables --user=mysql &
[1] 130775
[root@192168066012_MySQL_5_7_27 ~]# 2019-07-31T13:57:05.294289Z mysqld_safe Logging to '/application/mysql/logs/mysql_5_7_27.err'.
2019-07-31T13:57:05.327331Z mysqld_safe Starting mysqld daemon with databases from /application/mysql/data

#檢查一下數據庫進程
[root@192168066012_MySQL_5_7_27 ~]# ps -ef|grep 3306
root        359  99061  0 21:57 pts/1    00:00:00 grep --color=auto 3306
mysql    131036 130775  2 21:57 pts/1    00:00:00 /application/mysql/bin/mysqld --basedir=/application/mysql --datadir=/application/mysql/data --plugin-dir=/application/mysql/lib/plugin --user=mysql --skip-grant-tables --log-error=/application/mysql/logs/mysql_5_7_27.err --pid-file=/application/mysql/mysqld.pid --socket=/application/mysql/tmp/mysql.sock --port=3306
#無需密碼，即可登入數據庫
[root@192168066012_MySQL_5_7_27 ~]# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
...省略
#更新root密碼
root@localhost [(none)] 10:03:30->update mysql.user set authentication_string=password('boyu123') where user='root';
Query OK, 0 rows affected, 1 warning (0.01 sec)
Rows matched: 1  Changed: 0  Warnings: 1

#刷新授權表
root@localhost [(none)] 10:04:28->flush privileges;
Query OK, 0 rows affected (0.00 sec)

root@localhost [(none)] 10:04:32->\q
Bye
#優雅停止數據庫
[root@192168066012_MySQL_5_7_27 ~]# mysqladmin -uroot -pboyu123 shutdown
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
2019-07-31T14:05:16.946425Z mysqld_safe mysqld from pid file /application/mysql/mysqld.pid ended
[1]+  Done                    mysqld_safe --skip-grant-tables --user=mysql
#啓動數據庫
[root@192168066012_MySQL_5_7_27 ~]# /etc/init.d/mysqld start
Starting MySQL. SUCCESS!
#此時，就可以使用新密碼登錄數據庫了
[root@192168066012_MySQL_5_7_27 ~]# mysql -uroot -pboyu123
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
...省略
root@localhost [(none)] 10:05:42->

5 多實例找回丟失的MySQL USER密碼

5.1 首先停止MySQL數據庫

[root@192168066012_MySQL_5_7_27 ~]# mysqladmin -uroot -p"boyu123" -S /application/mysql/data/3306/mysql.sock shutdown

5.2 使用--skip-grant-table啓動MySQL數據庫，忽略授權登陸驗證

[root@192168066012_MySQL_5_7_27 ~]# /application/mysql/bin/mysqld_safe --skip-grant-tables --port=3306 --user=mysql --character_set_server=utf8 --socket=/application/mysql/data/3306/mysql.sock --datadir=/application/mysql/data/3306/data --pid-file=/application/mysql/data/3306/mysql.pid --log-bin=/application/mysql/data/3306/mysql-bin --server-id=1 --log-error=/application/mysql/data/3306/mysql_boyu3306.err &

5.3 無密碼登錄數據庫，修改root密碼，刷新授權表

[root@192168066012_MySQL_5_7_27 ~]# mysql -S /application/mysql/data/3306/mysql.sock
Welcome to the MySQL monitor.  Commands end with ; or \g.
...省略
mysql> update mysql.user set authentication_string=password('boyu123') where user='root';
Query OK, 0 rows affected, 1 warning (0.01 sec)
Rows matched: 1  Changed: 0  Warnings: 1

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> \q
Bye

5.4 停止3306數據庫，並使用新密碼登陸數據庫

[root@192168066012_MySQL_5_7_27 ~]# mysqladmin -uroot -p"boyu123" -S /application/mysql/data/3306/mysql.sock shutdown
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
2019-08-08T03:37:09.248027Z mysqld_safe mysqld from pid file /application/mysql/data/3306/mysql.pid ended
[1]+  Done                    /application/mysql/bin/mysqld_safe --skip-grant-tables --port=3306 --user=mysql --character_set_server=utf8 --socket=/application/mysql/data/3306/mysql.sock --datadir=/application/mysql/data/3306/data --pid-file=/application/mysql/data/3306/mysql.pid --log-bin=/application/mysql/data/3306/mysql-bin --server-id=1 --log-error=/application/mysql/data/3306/mysql_boyu3306.err
#啓動3306數據庫
[root@192168066012_MySQL_5_7_27 ~]# /application/mysql/bin/mysqld --port=3306 --user=mysql --character_set_server=utf8 --socket=/application/mysql/data/3306/mysql.sock --datadir=/application/mysql/data/3306/data --pid-file=/application/mysql/data/3306/mysql.pid --log-bin=/application/mysql/data/3306/mysql-bin --server-id=1 --log-error=/application/mysql/data/3306/mysql_boyu3306.err &
#新密碼登錄數據庫
[root@192168066012_MySQL_5_7_27 ~]# mysql -uroot -pboyu123 -S /application/mysql/data/3306/mysql.sock
...省略
mysql>

6 SQL結構化查詢語言

6.1 什麼是SQL？

SQL（Structured Query Language）是結構化查詢語言（數據庫查詢和程序設計語言），它是一種對關係型數據庫中的數據進行定義和操作的語言方法

6.2 常見的SQL語句分類

a. DDL --- 數據定義語言（CREATE,ALTER,DROP）
全稱（Data Definition Language），數據庫中，創建新表或刪除表，爲表加入索引等，也是動作查詢的一部分
b. DML --- 數據操作語言（SELECT,INSERT,DELETE,UPDATE）
全稱（Data Manipulation Language），數據庫中，修改和刪除表中的行(數據)，也稱動作查詢語言
c. DCL --- 數據控制語言（GRANT,REVOKE,COMMIT,ROLLBACK）
全稱（Data Control Language），數據庫中，獲得許可，確定單個用戶和用戶組對數據庫對象的訪問

7 創建數據庫

注意庫名不能以數字開頭
命令語法：create database <數據庫名>

默認數據庫配置，相當於創建拉丁字符集數據庫

root@localhost [(none)] 10:20:09-> create database boyu;

創建gbk字符集數據庫

root@localhost [(none)] 10:20:09-> create database boyu_gbk DEFAULT CHARACTER SET gbk COLLATE gbk_chinese_ci;

創建utf8字符集數據庫

root@localhost [(none)] 10:20:09-> create database boyu_utf8 DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;

查看已創建數據庫的字符集

root@localhost [(none)] 10:20:09-> show create database boyu_utf8\G
+-----------+--------------------------------------------------------------------+
| Database  | Create Database                                                    |
+-----------+--------------------------------------------------------------------+
| boyu_utf8 | CREATE DATABASE "boyu_utf8" /*!40100 DEFAULT CHARACTER SET utf8 */ |
+-----------+--------------------------------------------------------------------+
1 row in set (0.00 sec)

提示：
a. 字符集的不一致是數據庫中文內容亂碼的罪魁禍首
b. 如果編譯安裝的時候，指定了特定的字符集，則以後創建對應字符集的數據庫時，就不需要指定字符集了。
c. 企業裏怎麼創建數據庫呢？
根據開發的程序確定字符集（一般是UTF8）
編譯的時候指定字符集，然後再創建的時候，默認創建即可；例如：
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci \
create database boyu;
編譯的時候沒有指定字符集，或者指定了和程序不同的字符集，如何解決？
創建數據庫的時候，指定字符集即可；

8 顯示數據庫

命令語法：show databases;

顯示當前所有數據庫

root@localhost [(none)] 10:31:00->show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| boyu               |
| boyu_gbk           |
| boyu_utf8          |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
7 rows in set (0.00 sec)

顯示boyu數據庫

root@localhost [(none)] 10:31:05->show databases like 'boyu';
+-----------------+
| Database (boyu) |
+-----------------+
| boyu            |
+-----------------+
1 row in set (0.00 sec)

顯示以boyu開頭的多個數據庫，%爲通配符

root@localhost [(none)] 10:31:36->show databases like 'boyu%';
+------------------+
| Database (boyu%) |
+------------------+
| boyu             |
| boyu_gbk         |
| boyu_utf8        |
+------------------+
3 rows in set (0.00 sec)

9 刪除數據庫

命令語法：drop database <數據庫名稱>

刪除名爲boyu_utf8的數據庫

root@localhost [(none)] 10:31:43->drop database boyu_utf8;
Query OK, 0 rows affected (0.00 sec)

9.1 學習潛意識查看幫助

root@localhost [(none)] 10:39:10->help drop database;
Name: 'DROP DATABASE'
Description:
Syntax:
DROP {DATABASE | SCHEMA} [IF EXISTS] db_name

DROP DATABASE drops all tables in the database and deletes the
database. Be very careful with this statement! To use DROP DATABASE,
you need the DROP privilege on the database. DROP SCHEMA is a synonym
for DROP DATABASE.

10 連接數據庫

命令語法：use <數據庫名稱>

連接/進入boyu數據庫

root@localhost [(none)] 10:45:04->use boyu;
Database changed

查看當前所在的數據庫

root@localhost [boyu] 10:45:07->select database();
+------------+
| database() |
+------------+
| boyu       |
+------------+
1 row in set (0.00 sec)

查看當前數據庫版本

root@localhost [boyu] 10:45:24->select version();
+------------+
| version()  |
+------------+
| 5.7.27-log |
+------------+
1 row in set (0.00 sec)

查看系統/數據庫當前時間

root@localhost [boyu] 10:45:33->select now();
+---------------------+
| now()               |
+---------------------+
| 2019-07-31 22:45:53 |
+---------------------+
1 row in set (0.00 sec)

11 創建MySQL用戶及賦予用戶權限

11.1 用help grant查看命令幫助

通過查看grant命令的幫助，可以很容易的找到創建用戶並授權的例子

root@localhost [boyu] 10:45:53->help grant;
...省略
CREATE USER 'jeffrey'@'localhost' IDENTIFIED BY 'password';
GRANT ALL ON db1.* TO 'jeffrey'@'localhost';
GRANT SELECT ON db2.invoice TO 'jeffrey'@'localhost';
ALTER USER 'jeffrey'@'localhost' WITH MAX_QUERIES_PER_HOUR 90;

11.2 運維人員比較常用的創建用戶的方法，使用grant創建用戶的同時進行權限授權，例：

GRANT ALL ON db1.* TO 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';

11.3 grant命令幫助裏面，提供了一個先用create命令創建用戶，然後在用grant授權的方法，即創建用戶和授權權限分開進行，例：

CREATE USER 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';
GRANT ALL ON db1.* TO 'jeffrey'@'localhost';
以上兩條命令相當於下面一條命令：
GRANT ALL ON db1.* TO 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';

11.4 通過grant命令創建用戶並授權

grant語法：grant all privileges on dbname.* to ‘username’@‘localhost’ identified by 'mypass';

grant	all privileges	on dbname.*	to username@localhost	identified by 'mypass'
授權命令	對應權限	目標：庫和表	用戶名和客戶端主機	用戶密碼

說明：授權localhost主機上通過用戶username管理dbname數據庫的所有權限，密碼爲passwd。其中username，dbname，passwd可根據業務的情況進行修改

創建boyu用戶，密碼爲boyu123，並授權訪問boyu數據庫的權限

root@localhost [boyu] 11:02:41->grant all privileges on boyu.* to 'boyu'@'localhost' identified by 'boyu123';
Query OK, 0 rows affected, 1 warning (0.00 sec)

刷新權限表

root@localhost [boyu] 11:03:13->flush privileges;
Query OK, 0 rows affected (0.00 sec)

查詢創建狀態

root@localhost [boyu] 11:06:03->select user,host from mysql.user;
+------+-----------+
| user | host      |
+------+-----------+
| boyu | localhost |
| root | localhost |
+------+-----------+
2 rows in set (0.00 sec)

查看boyu擁有的權限

root@localhost [boyu] 11:10:18->show grants for 'boyu'@'localhost';
+--------------------------------------------------------+
| Grants for boyu@localhost                              |
+--------------------------------------------------------+
| GRANT USAGE ON *.* TO 'boyu'@'localhost'               |
| GRANT ALL PRIVILEGES ON "boyu".* TO 'boyu'@'localhost' |
+--------------------------------------------------------+
2 rows in set (0.00 sec)

11.5 授權局域網內主機遠程連接數據庫

根據grant命令語法，我們知道oldboy@localhost位置爲授權訪問數據庫的主機，localhost可以用域名，IP段或IP地址來替代

a.百分號匹配法

root@localhost [boyu] 11:10:41->grant all on boyu.* to boyu@'192.168.66.%' identified by 'boyu123';
Query OK, 0 rows affected, 1 warning (0.01 sec)

root@localhost [boyu] 11:18:50->flush privileges;
Query OK, 0 rows affected (0.00 sec)

b.子網掩碼配置法

root@localhost [boyu] 11:18:55->grant all on boyu.* to boyu1@'192.168.66.0/255.255.255.0' identified by 'boyu123';
Query OK, 0 rows affected, 1 warning (0.00 sec)

root@localhost [boyu] 11:19:34->flush privileges;
Query OK, 0 rows affected (0.00 sec)

c.授權單IP遠程連接

root@localhost [boyu] 11:19:37->grant all on boyu.* to boyu2@'192.168.66.11' identified by 'boyu123';
Query OK, 0 rows affected, 1 warning (0.00 sec)

root@localhost [boyu] 11:19:44->flush privileges;
Query OK, 0 rows affected (0.00 sec)

root@localhost [boyu] 11:19:46->select user,host from mysql.user;
+-------+----------------------------+
| user  | host                       |
+-------+----------------------------+
| boyu  | 192.168.66.%               |
| boyu1 | 192.168.66.0/255.255.255.0 |
| boyu2 | 192.168.66.11              |
| boyu  | localhost                  |
| root  | localhost                  |
+-------+----------------------------+
5 rows in set (0.00 sec)

12 刪除MySQL系統多餘賬號

drop user "user"@"主機域"，注意引號，可以爲單或雙引號，但是不能不加引號

root@localhost [boyu] 11:20:02->drop user 'boyu1'@'192.168.66.0/255.255.255.0';
Query OK, 0 rows affected (0.01 sec)

root@localhost [boyu] 12:47:53->delete from mysql.user where user='boyu2' and host='192.168.66.11';
Query OK, 1 row affected (0.00 sec)

root@localhost [boyu] 01:09:50->select user,host from mysql.user;
+------+-----------+
| user | host      |
+------+-----------+
| boyu | localhost |
| root | localhost |
+------+-----------+
2 rows in set (0.00 sec)

注意：如果drop刪除不了（一般是特殊字符或大寫），可以用下面的方式刪除（以BO#Y&U0@07用戶，BOYU主機爲例）

root@localhost [boyu] 01:27:43->select user,host from mysql.user;
+------------+-----------+
| user       | host      |
+------------+-----------+
| BO#Y&U0@07 | boyu      |
| boyu       | localhost |
| root       | localhost |
+------------+-----------+
3 rows in set (0.00 sec)

root@localhost [boyu] 01:30:05->delete from mysql.user where user='BO#Y&U0@07' and host='boyu';
Query OK, 1 row affected (0.00 sec)

root@localhost [boyu] 01:30:55->select user,host from mysql.user;
+------+-----------+
| user | host      |
+------+-----------+
| boyu | localhost |
| root | localhost |
+------+-----------+
2 rows in set (0.00 sec)

root@localhost [boyu] 01:31:01->flush privileges;
Query OK, 0 rows affected (0.00 sec)

13 ALL PRIVILEGES裏面包含哪些權限？

SELECT	INSERT	UPDATE	DELETE	CREATE	DROP	INDEX	ALTER	CREATE TEMPORARY TABLES
查詢	插入	更新	刪除	創建庫和表	刪除庫和表	索引	修改	創建臨時表

LOCK TABLES	EXECUTE	CREATE VIEW	SHOW VIEW	CREATE ROUTINE	ALTER ROUTINE	EVENT	TRIGGER	REFERENCES
鎖表	執行	創建視圖	顯示視圖	創建存儲過程	修改存儲過程	事件	觸發器	外鍵

提示：即在授權時，可以授權用戶最小的滿足業務需求的權限，而不是一味的授權"ALL PRIVILEGES"

授權boyu1用戶擁有執行boyu庫的"select,insert,update,delete,create,drop"權限

root@localhost [boyu] 01:59:22->CREATE USER 'boyu1'@'localhost' IDENTIFIED BY 'boyu123';
Query OK, 0 rows affected (0.00 sec)

root@localhost [boyu] 02:00:20->grant select,insert,update,delete,create,drop ON `boyu`.* TO 'boyu1'@'localhost';
Query OK, 0 rows affected (0.00 sec)

root@localhost [boyu] 02:00:28->show grants for boyu1@localhost;
+---------------------------------------------------------------------------------------+
| Grants for boyu1@localhost                                                            |
+---------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'boyu1'@'localhost'                                             |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON "boyu".* TO 'boyu1'@'localhost' |
+---------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

創建boyu2用戶，並授予擁有執行boyu庫的"select,insert,update,delete,create,drop"權限

root@localhost [boyu] 01:58:31->grant select,insert,update,delete,create,drop on boyu.* to 'boyu2'@'localhost' identified by 'boyu123';
Query OK, 0 rows affected, 1 warning (0.01 sec)

root@localhost [boyu] 01:59:07->show grants for boyu2@localhost;
+---------------------------------------------------------------------------------------+
| Grants for boyu2@localhost                                                            |
+---------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'boyu2'@'localhost'                                             |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON "boyu".* TO 'boyu2'@'localhost' |
+---------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

14 企業生產環境如何授權用戶權限

14.1 博客，CMS等產品的授權

對於web連接用戶授權儘量採用最小化原則，很多開源軟件都是web界面安裝，因此，常規情況下授予select,insert,update,delete權限即可，例如discuz,bbs等開源軟件，還需要授予create,drop比較危險的權限

root@localhost [boyu] 02:00:39-> grant select,insert,update,delete,create,drop ON blog.* to 'blog'@'192.168.66.%' identified by 'boyu123';

14.2 生成數據庫表後，需要收回create,drop權限

root@localhost [boyu] 02:00:39-> REVOKE create ON blog.* FROM 'blog'@'192.168.66.%'; 
root@localhost [boyu] 02:00:39-> REVOKE drop ON blog.* FROM 'blog'@'192.168.66.%';