Issue with mysql_real_escape_string() - php

I began learning to code a few days ago and I am having some issues with mysql_real_escape_string, specifically with a login.php.
The error messages:
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'elegant'@'localhost' (using password: NO) in /home/elegant/public_html/php/login.php on line 3
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/elegant/public_html/php/login.php on line 3
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'elegant'@'localhost' (using password: NO) in /home/elegant/public_html/php/login.php on line 4
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/elegant/public_html/php/login.php on line 4
Please enter a username and a password
Here is the code I have so far -- this code worked in localhost but once I put it online and imported the database tables, it gave me some issues:
<?php
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
if ($username&&$password)
{
$connect = mysql_connect("localhost","elegant_root","password;1") or die("Couldn't connect!");
mysql_select_db("elegant_ezworkstation") or die("Couldn't find database");
$query = mysql_query("SELECT * FROM users WHERE username=$username");
$numrows = mysql_numrows($query);
if ($numrows!=0)
{
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if ($username==$dbusername&&$password==$dbpassword)
{
echo "You're in";
}
else
echo "Incorrect password!";
}
else
die("That user doesn't exist");
}
else
die("Please enter a username and a password");
?>
EDIT: I changed to mysqli and I got these errors:
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /home/elegant/public_html/php/login.php on line 3
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /home/elegant/public_html/php/login.php on line 4

Putting mysql_real_escape_string() after you connect to the db will work fine.
However, you should shift to mysqli or PDO. MySQL is deprecated now.
A few links to help you out
Moving from mysql to mysqli or pdo?
mysqli or PDO - what are the pros and cons?
The equivalent commands in mysqli and PDO for escaping would be mysqli_real_escape_string() and PDO::quote() respectively.
As people are pointing out, PDO is definitely the better alternative. Here is an answer I previously wrote comparing PDO with others.
PDO - real facts and best practice?
And another advantage of this will be that you don't need to use escaping functions if you use prepared statements with named parameters.
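The prepared-statement approach with named parameters mentioned in the answer above, applied to the login lookup. This is an added example, not code from the question or the answer; it assumes an in-memory SQLite database through PDO in place of MySQL so it runs without a server, and the `password_hash` column, the `openDb()`/`checkLogin()` helpers and the sample accounts are constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not the asker's code. Assumptions: in-memory SQLite (pdo_sqlite)
// stands in for MySQL; the users table, password_hash column and accounts are constructed.

function openDb(): PDO
{
    // For MySQL use a DSN such as 'mysql:host=localhost;dbname=YOUR_DB;charset=utf8mb4'
    // together with the account's user name and password.
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $ins = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    foreach (['alice' => 'correct horse', "o'brien" => 'battery staple'] as $name => $pw) {
        $ins->execute([':u' => $name, ':h' => password_hash($pw, PASSWORD_DEFAULT)]);
    }
    return $pdo;
}

function checkLogin(PDO $pdo, string $username, string $password): bool
{
    if ($username === '' || $password === '') {
        return false;
    }
    // The value is sent separately from the SQL text, so there is no escape
    // call that could run before the connection exists.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $hash = $stmt->fetchColumn();   // false when no row matched
    return is_string($hash) && password_verify($password, $hash);
}

$pdo = openDb();
// Constructed inputs; in login.php these would come from $_POST.
$attempts = [
    ['alice', 'correct horse'],      // valid account
    ["o'brien", 'battery staple'],   // a quote in the name is plain data
    ['alice', 'wrong'],              // bad password
    ['bob', 'anything'],             // unknown user
];
foreach ($attempts as [$u, $p]) {
    printf("%-10s => %s\n", $u, checkLogin($pdo, $u, $p) ? 'ok' : 'rejected');
}
```

The first two attempts print `ok` and the last two print `rejected`; storing a hash and checking it with `password_verify()` replaces the plain-text `==` comparison in the question.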

Related

Receiving an error even though the script functions [duplicate]

Closed 10 years ago.
Possible Duplicate:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
I am receiving the following errors
Warning: mysql_query() [function.mysql-query]: Access denied for user 'anticub1'@'localhost' (using password: NO)
Warning: mysql_query() [function.mysql-query]: A link to the server could not be established
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource
When I submit the form everything goes into the database so I am not sure why I am getting that error...
<?php
$submit=$_POST['submit'];
$text=$_POST['text'];
if ($submit) {
$connect = mysql_connect("localhost","anticub1_shout","root12")
or die("could not connect");
mysql_select_db("anticub1_shoutbox") or die("could not find the db");
mysql_query("INSERT INTO comments VALUES ('','$text')");}
$query = mysql_query("SELECT * FROM comments");
while ($row = mysql_fetch_assoc($query)) {
$post = $row["posts"];
echo "$post"."<br>";
}
?>
The warning:
Warning: mysql_query() [function.mysql-query]: Access denied for user 'anticub1'@'localhost' (using password: NO)
is NOT produced by your example script, because you provide a password there and it's another username.
$connect = mysql_connect("localhost","anticub1_shout","root12")
Conclusion: You are searching in the wrong place. Search through all your code for mysql_connect("localhost","anticub1")

error while using mysql_real_escape_string()

my code-
require 'database.php';
$title = mysql_real_escape_string($_POST['title']); //line 48
$cat = $_POST['cat'];
$txtart = mysql_real_escape_string($_POST['artbody']); //line 50
$date = date("d-m-y");
$q = "INSERT INTO tblarticle (art_title, art_cat, art_des, art_date) VALUES ('$title', '$cat', '$txtart', '$date')";
ERROR-->
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\xampp\htdocs\shizin\admin\newArticle.php on line 48
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\xampp\htdocs\shizin\admin\newArticle.php on line 48
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\xampp\htdocs\shizin\admin\newArticle.php on line 50
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\xampp\htdocs\shizin\admin\newArticle.php on line 50
The data is getting saved in the DB, but with null title and artbody fields.
mysql_real_escape_string tries to connect to the local database, so it can fetch the settings it needs to escape the string correctly for that system.
You can tell the function which connection to use by passing in a link identifier as a second argument:
mysql_real_escape_string($string, $link)
Please check your MySQL username and password and make sure you're entering them properly in mysql_connect. According to the error you didn't run mysql_connect with a password, which may be causing these problems.
Check the database.php connection strings, and that the MySQL server is running, as mysql_real_escape_string needs a valid open database connection to work.

Access denied when trying to access my database [duplicate]

Closed 10 years ago.
Possible Duplicate:
mysql_fetch_array() expects parameter 1 to be resource, boolean given in select
Here's my code:
<html>
<head>
</head>
<body>
<?php
$user = mysql_real_escape_string($_GET["u"]);
$pass = mysql_real_escape_string($_GET["p"]);
$query = "SELECT * FROM usario WHERE username = '$user' AND password = '$pass'";
mysql_connect(localhost, "root", "");
#mysql_select_db("multas") or die( "Unable to select database");
$result=mysql_query($query);
if(mysql_numrows($result) > 0){
echo 'si';
}
?>
</body>
</html>
And here's the error I get when I try to run it
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\xampp\htdocs\useraccess.php on line 7
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\xampp\htdocs\useraccess.php on line 7
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\xampp\htdocs\useraccess.php on line 8
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\xampp\htdocs\useraccess.php on line 8
Warning: mysql_numrows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\useraccess.php on line 16
You need to make your database connection before you call
mysql_real_escape_string
if you don't want to do that, use
mysql_escape_string
instead, since it doesn't care about the connection
Move mysql_connect(localhost, "root", ""); above $user = ...
You need to put single quotes around 'localhost':
mysql_connect('localhost', 'root', '');
Also, a blank root password? Really?

Warning: mysql_real_escape_string()?

my code-
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
but it throws warning-
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\xampp\htdocs\pics\confirm_login_credentials.php on line 3
and
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\xampp\htdocs\pics\confirm_login_credentials.php on line 3
mysql_real_escape_string requires an established link to the database to distinguish the actually used character encoding:
Note: A MySQL connection is required before using mysql_real_escape_string() otherwise an error of level E_WARNING is generated, and FALSE is returned. If link_identifier isn't defined, the last MySQL connection is used.
It seems that you don’t have that when calling mysql_real_escape_string.
http://www.webmasterworld.com/php/3120893.htm
You need the database link before anything else.
mysql_real_escape_string() takes a connection handler and escapes the string according to the current character set. Although deprecated, mysql_escape_string [us3.php.net] doesn't need a connection

Sanitize user input destined for database in PHP

I have this code:
$query = "select id from votes where username = '$user' and article_id = $this->id";
I tried this code to sanitize it:
$query = sprintf("select id from votes where username = '$user' and article_id = $this->id",
mysql_real_escape_string($user),
mysql_real_escape_string($password));
but I get this error for the mysql_real_escape lines:
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'mexautos'@'localhost' (using password: NO) in /home/mexautos/public_html/kiubbo/data/article.php on line 145
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/mexautos/public_html/kiubbo/data/article.php on line 145
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'mexautos'@'localhost' (using password: NO) in /home/mexautos/public_html/kiubbo/data/article.php on line 146
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/mexautos/public_html/kiubbo/data/article.php on line 146
I get the user name here, I don't know if it's safe enough:
function getUsername(){ return $this->username; }
Thx
You need a mysql connection before you can use mysql_real_escape_string.
I would suggest using prepared statements for this instead of sprintf
Not sure if this is what's causing your problem, but I believe the variables in your sprintf statement shouldn't be '$user' and '$this->id', but they should be '%s'
http://us2.php.net/sprintf
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'mexautos'@'localhost' (using password: NO)
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established
Did you check the link? Is it active? You need to be connected before using mysql_real_escape_string().
Did you forget to set the password?
Try:
mysql -u mexautos -p
(type Enter if no password)
Also, check out your sprintf() function, you need to use the %s to bind your variable
$a = 'Foo';
$b = 'Bar';
$foo = sprintf('Foo Bar %s %s', $a, $b);
You need a connection to use mysql_real_escape_string() because it uses the server's encoding type to help sanitize.
Also the sprintf() should look something like this
$query = sprintf("SELECT id FROM votes WHERE username = '%s' and article_id = %d",
mysql_real_escape_string($user),
mysql_real_escape_string($password));
I'd recommend using a mature DB abstraction layer like Zend_Db (there are tons of them out there). Implementing your own homebrew solution is not something I'd recommend for a production system.
Like the others said, not '$user' but '%s' and you need an open connection.
@Tomalak
sprintf is faster - that's the reason why to use it - it is a native C function.
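The sprintf() point made in the answers above, shown end to end: with the values interpolated into the format string there are no conversion specifiers, so the escaped arguments are silently dropped. This is an added example, not code from the thread; it assumes an in-memory SQLite database through PDO in place of MySQL, uses PDO::quote() in place of mysql_real_escape_string(), and the helper names, table row and input are constructed.

```php
<?php
declare(strict_types=1);
// Added example. Assumptions: SQLite via PDO stands in for MySQL, PDO::quote()
// stands in for the escape call, and the votes row and inputs are constructed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE votes (id INTEGER PRIMARY KEY, username TEXT, article_id INTEGER)');
$pdo->exec("INSERT INTO votes (username, article_id) VALUES ('o''brien', 7)");

function buildAsPosted(PDO $pdo, string $user, string $articleId): string
{
    // Same shape as the question: the variables are interpolated, so the
    // quoted arguments have no %s/%d to land in and never reach the query.
    return sprintf("SELECT id FROM votes WHERE username = '$user' AND article_id = $articleId",
        $pdo->quote($user), $pdo->quote($articleId));
}

function buildFixed(PDO $pdo, string $user, string $articleId): string
{
    // PDO::quote() adds the surrounding quotes itself, so %s is bare here
    // (mysql_real_escape_string() does not, hence '%s' in the answers).
    // %d with an integer cast keeps the id numeric.
    return sprintf('SELECT id FROM votes WHERE username = %s AND article_id = %d',
        $pdo->quote($user), (int) $articleId);
}

function run(PDO $pdo, string $sql): string
{
    try {
        $id = $pdo->query($sql)->fetchColumn();
        return $id === false ? 'no row' : "id=$id";
    } catch (PDOException $e) {
        return 'SQL error';
    }
}

$user = "o'brien";   // constructed input containing a quote
$articleId = '7';    // request values arrive as strings
$queries = [
    'as posted' => buildAsPosted($pdo, $user, $articleId),
    'with %s/%d' => buildFixed($pdo, $user, $articleId),
];
foreach ($queries as $label => $sql) {
    echo "$label: $sql\n  -> ", run($pdo, $sql), "\n";
}
```

The first query still contains the raw `o'brien` and fails with a SQL error; the second contains `'o''brien'` and returns `id=1`.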
