

$con = mysqli_connect('<remote server ip address>','root','*******','CSV_DB',);
if (!$con) {
    die('Could not connect: ' . mysqli_error($con));


I have a simple program to connect to a mysql server that I created using phpmyadmin, however I get the 'could not connect' message every time I try to connect.


I know that it could be a number of different issues but I'm really looking for advice on how to troubleshoot.


When I ssh as root to the server I can access the server using the terminal and everything is fine. However this connection which uses the same username/password/db/etc and I can't seem to log in. Also, the mysqli_error never prints-not sure why.



Here is a quick quick checklist for enabling Remote Connections for MySQL but read (6) first. If I have missed anything, feel free to edit.

1) Your remote user is connecting through an account that was created with appropriate user,host entries (look at output from select user,host from mysql.user order by 1,2). If not, look into the CREATE USER and/or GRANT commands. Examine the output from SHOW GRANTS for the user.

2) You have done flush privileges; (Some say it is unnecessary, others say it is).

3a) Locate your mysql configuration file referenced in 3b) below by reviewing info in This Document (or for Windows, likely down the C:\ProgramData\MySQL\MySQL Server 5.NNN path). It varies by distro for Linux.

3b) You have modified and saved my.ini (Windows) or my.cnf (Linux) and changed bind-address away from or localhost, in favor of And you have created and rem'd out the following line: #skip-networking. It will look similar to this:



4) Restart the mysql daemon. How one does this varies by distro.

5) Firewall issues. Make sure the port, default being 3306, is open to the outside world (which may in fact just be your intranet). This includes any other layers of firewalls, such as AWS EC2 Security Groups, or similar, if any.


6) Understand that there is a security risk associated with this. Unless you have knowledge of exposing your mysql server to remote connections, do not perform this.

7) Please run frequent security assessments with select statement listed in 1. above including reviewing the SHOW GRANTS for those users. Do not over-grant users with wildcard unnecessarily. Rather, give users the minimal privileges for them to get their work done.


8) Frequently examine failed connection attempts via the General Log and the Error Log as briefly introduced below.


For inbound, you can look at the general query log.

select @@general_log; -- a 1 indicates it is turned on for capture
select @@general_log_file; -- the file that it logs to

So all the queries can be logged to the General Query Log if the setting is turned on. Examine the log for "connect", but especially for Access denied for user to see failed attempts. Do this regularly (not every few years). I do it at least twice a day. Note, you can obviously automate the reporting through an external program. The outside world is going to pound your server to get in like the image below. It is a reality; brace yourself for it.


Check out the manual page for The Error Log too, noting warning levels, and verbosity settings based on your version.


I would recommend that one create a backup copy by date (named as such) and delete the log files after backup to start fresh after the backup. The log files can grow huge in size rapidly, especially the General Log. Don't forget whether or not you have the setting turned on or off for logging.


You can use the two logs to determine if your connection attempt made it past the firewall during the steps here.


09-05 07:02