5 Replies - 794 Views - Last Post: 13 April 2013 - 02:54 PM Rate Topic: -----

#1 Shado3225  Icon User is offline

  • D.I.C Regular

Reputation: 17
  • View blog
  • Posts: 325
  • Joined: 23-February 10

Error: mysql_real_escape_string

Posted 01 April 2013 - 10:06 AM

Good day all

I'm currently busy learning PHP, I'm currently learning how to use SELECT, DELETE, UPDATE and INSERT to display and manage content in a database table.

So far things seem to be going ok but I seem to be having a problem with a particular line which is outputting the follow error:

Quote

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'username'@'localhost' (using password: NO) in ****/insert.php on line 48

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in ****/insert.php on line 48


Obviously the user name being outputted in the error is not the database username, this apparently has to do with the nature of the error. Through all my reading I have deduced that for some or other reason it is not connecting to my database even though I have a config include two lines above the code.

This is the offending line of code:
$cname = mysql_real_escape_string(htmlspecialchars($_POST['name']));


I've done a lot of searching the last two days but have not been able to get this fixed. I have tried using mysqli, using the db details in a variable, removing the line, I'm at a loss.

Is there anyone that might be able to tell me what it is I am doing wrong?

Here is the who page (unfortunately it wont let me upload it):
<?php
function valid($xname, $error)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Insert Records</title>
</head>
<body>
<?php

if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>

<form action="" method="post">
<table border="1">
<tr>
<td colspan="2"><b><font color='Red'>Insert Records </font></b></td>
</tr>
<tr>
<td width="179"><b><font color='#663300'>Name<em>*</em></font></b></td>
<td><label>
<input type="text" name="name" value="<?php echo $xname; ?>" />
</label></td>
</tr>

<tr align="Right">
<td colspan="2"><label>
<input type="submit" name="submit" value="Insert Records">
</label></td>
</tr>
</table>
</form>
</body>
</html>
<?php
}

include('./include/config.php');

if (isset($_POST['submit']))
{

$xname = mysql_real_escape_string(htmlspecialchars($_POST['name']));

if ($xname == '')
{

$error = 'Please enter the details!';

valid($xname, $error);
}
else
{

mysql_query("INSERT xtable SET name='$xname'")
or die("Oops! You failed to insert new course data ᕙ(⇀‸↼‶)ᕗ" .mysql_error());

header("Location: view.php");
}
}
else
{
valid('','','','');
}
?>


Is This A Good Question/Topic? 0
  • +

Replies To: Error: mysql_real_escape_string

#2 CTphpnwb  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3030
  • View blog
  • Posts: 10,553
  • Joined: 08-August 08

Re: Error: mysql_real_escape_string

Posted 01 April 2013 - 10:42 AM

Read, study, and use:
http://www.dreaminco...duction-to-pdo/
Was This Post Helpful? 1
  • +
  • -

#3 JackOfAllTrades  Icon User is offline

  • Saucy!
  • member icon

Reputation: 6075
  • View blog
  • Posts: 23,540
  • Joined: 23-August 08

Re: Error: mysql_real_escape_string

Posted 01 April 2013 - 10:44 AM

Quote

Through all my reading I have deduced that for some or other reason it is not connecting to my database even though I have a config include two lines above the code.


You are correct. What are the contents of this "config include" file.

If you're just learning PHP and MySQL, please do the right thing and stop using whatever outdated tutorial you're using and check out the tutorials on PDO in our tutorials section. Pay specific attention to those regarding the use of prepared statements. The mysql_* family of function has been DEPRECATED and SHOULD NOT BE USED for new development. From the manual:

Quote

This extension is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used. See also the MySQL API Overview for further help while choosing a MySQL API.

Was This Post Helpful? 1
  • +
  • -

#4 Shado3225  Icon User is offline

  • D.I.C Regular

Reputation: 17
  • View blog
  • Posts: 325
  • Joined: 23-February 10

Re: Error: mysql_real_escape_string

Posted 01 April 2013 - 10:50 AM

Thank you guys, I'm going to read through your suggestions now and see if I can figure this out.
Was This Post Helpful? 0
  • +
  • -

#5 Shado3225  Icon User is offline

  • D.I.C Regular

Reputation: 17
  • View blog
  • Posts: 325
  • Joined: 23-February 10

Re: Error: mysql_real_escape_string

Posted 12 April 2013 - 08:39 AM

Hi guys,

Just a report back on my question, it seems I was closing off database connection in my config file.

JackOfAllTrades, I think you were on to something with your question.

I have since corrected it and my script is working perfectly.

I'm currently working on learning PDO.

Thanks again.

This post has been edited by Shado3225: 12 April 2013 - 08:41 AM

Was This Post Helpful? 0
  • +
  • -

#6 Atli  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3719
  • View blog
  • Posts: 5,991
  • Joined: 08-June 10

Re: Error: mysql_real_escape_string

Posted 13 April 2013 - 02:54 PM

Hey.

One additional comment about your code. In that same line of code, you are using the htmlspecialchars function prematurely. You shouldn't prepare output on the way into the database. Output should be prepared on the way out of the database.

The htmlspecialchars function makes sure special HTML characters in the given string are replaced with their respective HTML entities, thus making the string safe to be printed into HTML output. But it also corrupts the string if it is not used in a HTML page.

While the data is in the database it should not be assumed that it's only purpose is to be printed into a HTML page. You want your data to be neutral, so you can conceivably use it for purposes other than to be used for HTML output, even if that is not something you foresee happening right now.
Was This Post Helpful? 1
  • +
  • -

Page 1 of 1