I have a PHP script that is inserting a record into a database after getting the data from a user-filled form. I developed on my local machine (WAMP server) and have the following code in my PHP script:
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']);
//connecting to db
mysql_connect("host", "user", "pass") or die('save_failed');
mysql_select_db("db") or die('save_failed');
//inserting into table
mysql_query("INSERT INTO table(name, email) VALUES('" . $name . "', '" . $email . "' ) ")
or die('save_failed');
The script worked just as expected and the records were being successfully inserted into the table.
As soon as I moved the script to my webserver, I realized the values being stored in the database were empty strings. Removing mysql_real_escape_string fixed this.
Why is it that mysql_real_escape_string won't work on my webserver?
The database I'm working on hasn't changed. Even when developing locally, I was hitting my webserver DB.
PHP ver on localhost is 5.3.8 while on the webserver it is 5.2.
Does PHP 5.2 not support mysql_real_escape_string, and if so what is the alternative?
Put mysql_connect("host", "user", "pass") or die('save_failed'); before mysql_real_escape_string.
You first need to connect to the database, then mysql_real_escape your strings. I suspect it works locally because PHP and your database are configured so they can automatically establish a connection when needed.
http://www.php.net/mysql_real_escape_string
If the link identifier is not specified, the last link opened by mysql_connect() is assumed. If no such link is found, it will try to create one as if mysql_connect() was called with no arguments. If no connection is found or established, an E_WARNING level error is generated.
Apparently you should also activate error reporting and/or check your error logs.
From the manual page for mysql_real_escape_string():
Parameters
unescaped_string: The string that is to be escaped.
link_identifier: The MySQL connection. If the link identifier is not specified, the
last link opened by mysql_connect() is assumed. If no such link is
found, it will try to create one as if mysql_connect() was called with
no arguments. If no connection is found or established, an E_WARNING
level error is generated.
Your code uses mysql_real_escape_string() before calling mysql_connect(). That means that PHP is trying to open a connection to the MySQL server before than you think and you are not providing credentials or doing error checking. If it works in your development box, it's probably pure chance: your local server has default credentials at php.ini or a password-less MySQL account.
Move the connecting to db part to the top and you're done.
Related
I was just wondering if it was possible for certain databases to block SQL accesses through mysql_connect. I recently downloaded XAmpp and created a SQL database using my own computer as a local host and wrote a PHP file that accessed that database.
However, when I tried to change the username and host settings so that Xampp would run the PHP files that would then connect to the external SQL database of a free hosting site that I'm trying to use (biz.co.nf), I got the following error message:
Warning: mysql_connect(): Connection refused in /Applications/XAMPP/xamppfiles/htdocs/...
Right now I'm thinking either:
My login credentials to that database are incorrect, or
Somehow the host blocks SQL accesses from external users, but if I were to load my php code into the server using FileZilla, it should work okay?
Please let me know if this is the case.
I'm also fairly certain I have the right login credentials.
Here's what I have:
$host = "fdb13.biz.nf";
$username = "1764941_login";
$password = ________;
$db_name = "1764941_Login";!
$tbl_name = "Members";
//Connect to server
mysql_connect($host, $username, $password)or die("Cannot Connect!");
mysql_select_db($db_name)or die("Cannot select Database");
with my server settings according to my website...
Of course, I omitted my password.
Connections are refused from remote locations to MySQL for security reasons. You can add your IP Address to enable MySQL to listen from your database by following the instructions in this link - Cyberciti biz tips on enabling remote access to mysql database server In your case, add the IP address of the location where your PHP script.
I would also say that
mysql_connect
is deprecated in PHP. Use mysqli instead. Check the comments in the link - PHP original MySQL API
I want to run a script that successfully connects to a database. I have xampp, both programs running, I have created a database within phpMyAdmin named "testing" with a user login "root" and password "root" (just for this).
The PHP code:
mysql_connect("localhost", "root", "root") or die("<p>failed: " . mysql_error() . "</p>");
I have no idea what is supposed to go into where "localhost" is and can't find an answer. I've tried several different options. Including pointing directly to the damn thing "localhost/xampp/mysql/data/testing".
The first parameter to mysql_connect is the host for your MySQL server. Since you are developing locally, localhost or 127.0.0.1 is probably what you want, unless you want to connect to a remove MySQL server. Both of these addresses will loopback to your own computer, where you should be running your MySQL service.
Also, you may want to consider using MySQLi or PDO. mysql_connect and the related functions are deprecated in PHP 5.5.
localhost is your own machine. If you're using Xampp you most likely won't need to change it.
Besides from opening a connection to the db host, you still need to select a database name (the one you created with phpmyadmin)
mysql_select_db('testing');
Since you're just starting I don't want to annoy you with the rant about the old mysql_ functions to be deprecated. But once you get the basics, try to switch to PDO mysql, the learning curve is the same and you'll avoid wasting your time.
Note that the MySQL extension has been deprecated since PHP 5.5 in favor of PDO MySQL or MySQL Improved.
Using for example MySQLi, in your case the connection statetement should read:
$mysqli = new mysqli("localhost", "root", "root", "testing");
if ($mysqli->connect_errno) {
echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}
More information here.
In my script on de webserver I'm trying connect to mysql through the (good old) mysql_connect() to an ip (db server) in the same network.
MySQL keeps throwing me the error:
Access denied for user ''#'localhost' to database 'dbname'
This seems like the db is being searched on the localhost (webserver) instead the IP I've entered (db server).
I've checked the my.cnf and can't find a bind-address or whatever.
When I connect through mysqli_connect(), the connection can be made, so there shouldn't be a firewall issue I guess.
Reason I'm still using mysql_connect is because i'm transferring a big website to a new server, and there is no time to change the function through all the script.
Anybody familiar with this problem and got any suggestion? Thanks in advance!
Update: piece of code
$link = mysql_connect("12.34.56.78", "username", "password");
if (!$link) {
die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db('dbname', $link);
if (!$db_selected) {
die ('Can\'t use dbname : ' . mysql_error());
}
Make sure you have "SQL safe mode" disabled in your php.ini file.
From the documentation of mysql_connect on the server parameter:
server
The MySQL server. It can also include a port number. e.g. "hostname:port" or a path to a local socket e.g. ":/path/to/socket" for the localhost.
If the PHP directive mysql.default_host is undefined (default), then the default value is 'localhost:3306'. In SQL safe mode, this parameter is ignored and value 'localhost:3306' is always used.
Similar filtering applies to the username and password parameters:
The username paramter defaults to the name of the user that owns the server process and password defaults to an empty string.
You can read more on SQL safe mode from here:
http://us1.php.net/manual/en/ini.core.php#ini.sql.safe-mode
Looks like the php is searching on the localhost but is using the username "". I think you have a problem with your user/pass combination and are also putting the ip address in the wrong place. Could you paste your code?
When using mysql_real_escape_string on my local MAMP setup it works fine. Example when I enter "test" into a text field it appears \"test\".
When I publish this to the remote server it does not seem to be escaping the string. "test" appears as "test" in the database.
I have already made sure there is a connection open before escaping.
Example code:
global $db,$db_table_prefix;
mysql_connect($db_host, $db_user, $db_pass) or die(mysql_error());
mysql_select_db("test") or die(mysql_error());
$title = mysql_real_escape_string($_POST['title']);
$content = mysql_real_escape_string($_POST['content']);
It saves fine to the correct database and what not but just does not seem to be adding the \'s.
That is not m_r_e_s's doing, but magic_quotes.
Your local machine has them enabled. Your remote does not. You ought to disable them locally.
Also, you really ought to start using mysqli or PDO.
magic_quotes might be enabled on your local server. You would need to disable them.
More about disabling magic_quotes: http://www.php.net/manual/en/security.magicquotes.disabling.php
Using ubuntu 12.04 64 bit on Lenovo t410.
Using apache2 and Mysql 5.5 and attempting to connect via localhost
I am attempting to establish a connection to a database that I made on localhost. When the line of code is reached to establish a connection, it seems Mysql simply hangs, and there is no error message displayed after. I verified that an echo works immediately prior to the connection attempt. I know that apache2 server is working as I can access the index page and display my html form.
I have tried etc/mysql/my.cnf setting the bind address to localhost.
My line of code looks like:
// Attempts to establish connection to MySql server
$connection = mysql_connect("localhost","username","password");
// Prints error message if the connection to MySql fails
if (!$connection){
die("Connection failed: " . mysql_error());
}
echo "Connection established.";
I tried the connection line with single quotes and with no semi-colon as well.
I am willing to post the contents of any configuration file I have if the error isn't syntax. I haven't done anything fancy to Ubuntu, everything is the default install. I am new to CS and especially databases, PHP, and networking. This is my little experiment that I am stuck on.
Any help is greatly appreciated. Thanks,
Don
Can it be, because there is no error message, that the connection IS established, but you didn't do anything with it?
I mean, what is the rest of your code, is there after your code here something like:
mysql_select_db("database_name",$connection);
After reading your last comment, it appears the mysql extensions are not being loaded. Have a look at your php.ini, uncomment the following line (remove the semicolon at the beginning of the line) and restart your apache:
extension=php_mysql.so
Make sure the extension exists in the php extensions directory.
Due to the fact that you are using MySQL version > 4.1.3 it is strongly recommended that you use the mysqli extension instead. Have a look at this: PHP: MySQL Overview
try to set
$mysql_user = "your_username";
$mysql_pass = "your_password";
$mysql_server = "Servername";
$link = mysql_connect($mysql_server,$mysql_user,$mysql_pass);
if (!$link) {
header('HTTP/1.1 500');
exit();