MariaDB Setup & phpMyAdmin

Make a real database, a real user, and connect from PHP. The way you set this up now shapes every project you build for the next decade.

Never use root from PHP. Make a per-project user with minimum privileges. Use utf8mb4 (not utf8). Use 127.0.0.1, not localhost, in connection strings.

Log into MariaDB

sudo mariadb

You're at MariaDB [(none)]>. The (none) means no database selected yet.

Tattoo this rule: never connect from PHP as root

Analogy: you own an apartment building. Root has the master key. Would you hand the master key to the painter just because he needs apartment 3B? Nope — you give him a key that only opens 3B.

Same with databases. Each project gets its own user with limited permissions.

Create the medtrack database + user

At the MariaDB prompt, paste this (replace the password with a real strong one):

CREATE DATABASE medtrack
  CHARACTER SET utf8mb4
  COLLATE utf8mb4_unicode_ci;

CREATE USER 'medtrack_user'@'localhost' IDENTIFIED BY 'pick-a-strong-password';

GRANT SELECT, INSERT, UPDATE, DELETE
  ON medtrack.*
  TO 'medtrack_user'@'localhost';

FLUSH PRIVILEGES;
EXIT;

What you just did:

Made a database called medtrack with proper Unicode support
Made a user medtrack_user that can only connect from this machine
Gave that user permission to read/write rows in medtrack ONLY
NOT permission to drop tables, change schema, or see other databases

If medtrack ever gets compromised, the blast radius is contained to that one database. Principle of least privilege — one of the highest-ROI habits in software.

utf8mb4, not utf8. MariaDB's "utf8" is a broken 3-byte version that can't store emoji or many Asian characters. Naming embarrassment kept for historical compatibility. Always use utf8mb4.

Connect from PHP

Build: First Database Connection

Goal: prove PHP can talk to MariaDB.

Create /home/erictey/server/db-test.php

Drop this in (sub in your real password):

<?php
$dsn = 'mysql:host=127.0.0.1;dbname=medtrack;charset=utf8mb4';
$user = 'medtrack_user';
$pass = 'your-real-password';

try {
    $pdo = new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
    echo "✓ Connected to medtrack database!";

    // Bonus: check the MariaDB version
    $row = $pdo->query("SELECT VERSION() AS v")->fetch();
    echo "<br>Server: " . $row['v'];
} catch (PDOException $e) {
    echo "✗ Failed: " . $e->getMessage();
}
?>

Visit http://192.168.0.19/db-test.php
Should see "✓ Connected" + the MariaDB version

If it failed: the error message tells you what's wrong. Wrong password? Wrong db name? Driver not installed? Trust the error.

Use 127.0.0.1, not localhost in the DSN. PHP treats the literal string "localhost" as "use Unix socket" — which usually doesn't work without extra config. 127.0.0.1 forces TCP and Just Works. This bug costs everyone exactly one hour, exactly once.

(Optional) Install phpMyAdmin for clicky DB access

If you want a GUI for poking at the database:

sudo apt install phpmyadmin -y

Web server? → tick apache2 (spacebar to toggle)
Configure with dbconfig-common? → Yes
Set the phpMyAdmin app password

Then hit http://192.168.0.19/phpmyadmin/ and log in as medtrack_user.

Lock phpMyAdmin to localhost only. It's one of the most-attacked services on the internet. Edit /etc/apache2/conf-available/phpmyadmin.conf, change Require all granted to Require local in the main <Directory> block. Then sudo systemctl reload apache2.

Backup basics: mysqldump

Dump one database:

sudo mysqldump --single-transaction medtrack > ~/backups/medtrack-$(date +%F).sql

Restore:

sudo mariadb medtrack < ~/backups/medtrack-2026-05-29.sql

Run that backup command right now. Then peek at the SQL file: head -50 ~/backups/medtrack-*.sql. You'll see the actual CREATE DATABASE statement and everything. That single file IS your database — copy it anywhere and you can restore it.

Untested backup = not a backup. Once a quarter, restore your backup to a test database and confirm everything's there. Future you when the disk dies will be unspeakably grateful.