privateland asked:

How do I use mysql_real_escape_string successfully?

Hello all.

I keep getting these warnings:
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user ....(using password: NO) in .....on line 9

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in.....on line 9

When I've googled the warnings I keep seeing that I have to be connected to the database in order to use mysql_real_escape_string.  But I am pretty sure I'm connected, so below I've included the first 9 lines.  Maybe someone can help me figure out what I'm doing wrong?

Thanks,
~Amy

<?php
session_start();
 
include ("databaseinfo"); // This connects me to the db
 
$username=$_SESSION['username'];
 
$username=htmlspecialchars($username);
$username_sq=mysql_real_escape_string($username);

Ray Paseur

Show us your DB connection code, please

privateland (ASKER)

The following is the "databaseinfo.php"
<?php
	$user="user";
	$host="IP addy";
	$password="password";
	$database="Database";
$conn = mysql_connect ($host, $user, $password, $database);
 
if (!$conn) {
    echo "Unable to connect to DB: " . mysql_error();
    exit;
}
 
mysql_select_db($database, $conn);
 
if (!mysql_select_db("Database")) {
    echo "Unable to select Customer Data: " . mysql_error();
    exit;
}
 
?>

Try this...

Also, what is your  platform?
<?php
session_start();
 
include ("databaseinfo"); // This connects me to the db
 
$username=$_SESSION['username'];
 
$username=htmlspecialchars($username);
$username_sq=mysql_real_escape_string($username, $conn);

Wait a sec...

Is this:
include ("databaseinfo"); // This connects me to the db

supposed to be this:
include ("databaseinfo.php"); // This connects me to the db

Yes, that was a typo on my part.  But it is correct in my actual code.

I tried adding the $conn, and it still has the same errors.

Hmmm....
<quote> But it is correct in my actual code.</quote>

Then let's see the "actual code" - it makes no sense to debug something that is hypothetical.

Obscure the passwords and post the actual code, please.

I'm wondering about that mysql_connect() command.  See the man page here:
http://us3.php.net/manual/en/function.mysql-connect.php

Not sure about that fourth argument.

Here is how I connect - and mysql_real_escape_string() works fine for me!  warning_RAY() is a local function, but the concept should be clear.
<?php // ../db_cx.php IN THE ROOT DIRECTORY (above WWW)
 
$db_host	= "localhost";
$db_name	= "n";
$db_user	= "u";
$db_word	= "p";
 
// CONNECT TO THE DATA BASE SERVER
if (!$db_connection = @mysql_connect("$db_host", "$db_user", "$db_word")) {
	$errmsg	= mysql_errno() . ' ' . mysql_error();
	echo "\n\n\n\n<!-- ! db_connection -->";
	echo "\n<!-- $errmsg -->\n\n\n\n";
	warning_RAY($errmsg);
}
 
// SELECT THE DATA BASE
if (!$db_sel = @mysql_select_db($db_name, $db_connection)) {
	$errmsg	= mysql_errno() . ' ' . mysql_error();
	echo "\n\n\n\n<!-- ! db_sel -->";
	echo "\n<!-- $errmsg -->\n\n\n\n";
	warning_RAY($errmsg);
}
 
?>

Sorry for the mistake.
<?php
session_start();
 
include ("databaseinfo.php");
 
$username=$_SESSION['username'];
 
$username=htmlspecialchars($username);
$username_sq=mysql_real_escape_string($username);

Okay, let me also say that pages before that used the same "databaseinfo.php" connected with no problem.  The only thing I changed this morning was that I added this part to make things more secure:
$username=htmlspecialchars($username);
$username_sq=mysql_real_escape_string($username);

Please post the ACTUAL db-connect code that you have in databaseinfo.php - obscure the password.

Thanks.

Also, let me point out later that I do use Line 9 to talk to the db.  When I just used "username" instead of "username_sq" everything worked, but because I added the security, the warnings popped up.

I'm sorry if I'm not including everything.  I didn't know exactly what you needed to make heads or tails of the warnings.
$sql="SELECT * FROM Customers WHERE username='$username_sq'";
$result = mysql_query($sql);

I did post the actual code.  But I felt more comfortable obscuring the $user, $host, $password, and $database.  But the code itself is exact.

Looks like your data base is named "Database" and notwithstanding the $database variable, the connection is hardwired.  This is the sort of thing that could lead to trouble.

I am almost certain you do not want the fourth argument in mysql_connect() -- please see the man page here: http://us3.php.net/manual/en/function.mysql-connect.php
<?php
        $user="user";
        $host="IP addy";
        $password="password";
        $database="Database";
$conn = mysql_connect ($host, $user, $password, $database);
 
if (!$conn) {
    echo "Unable to connect to DB: " . mysql_error();
    exit;
}
 
mysql_select_db($database, $conn);
 
if (!mysql_select_db("Database")) {
    echo "Unable to select Customer Data: " . mysql_error();
    exit;
}
 
?>

I see.  So it should look more like this?....
<?php
        $user="user";
        $host="IP addy";
        $password="password";
        $database="Database";
$conn = mysql_connect ($host, $user, $password);
 
if (!$conn) {
    echo "Unable to connect to DB: " . mysql_error();
    exit;
}
 
mysql_select_db($database, $conn);
 
if (!mysql_select_db("Database")) {
    echo "Unable to select Customer Data: " . mysql_error();
    exit;
}
 
?>

Okay, I understand that part of it a little more.  However, that doesn't do anything for my Warnings.

Maybe more like this... Note the mysql_select_db() difference
<?php
        $user="user";
        $host="IP addy";
        $password="password";
        $database="Database";
$conn = mysql_connect ($host, $user, $password);
 
if (!$conn) {
    echo "Unable to connect to DB: " . mysql_error();
    exit;
}
 
mysql_select_db($database, $conn);
 
if (!mysql_select_db("$database")) {
    echo "Unable to select Customer Data: " . mysql_error();
    exit;
}
 
?>

ASKER CERTIFIED SOLUTION
Ray Paseur

This solution is only available to members.

Thanks for the points, but pray tell - what fixed it?
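
Added example, not code from anyone in this thread: the Customers lookup from the question done with a PDO prepared statement instead of the mysql_* functions (removed in PHP 7.0), with the connection handle passed explicitly and htmlspecialchars() moved to output time. It assumes PHP 7.1+ with the pdo_sqlite driver and an in-memory database so it runs without a MySQL server; the rows and inputs are constructed.

```php
<?php
// Added example, not from the thread. Assumptions: PHP 7.1+, pdo_sqlite,
// an in-memory database and constructed rows standing in for "Customers".

function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Throw on failure instead of emitting warnings that are easy to miss.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE Customers (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
    $pdo->exec("INSERT INTO Customers (username, email) VALUES
        ('amy', 'amy@example.test'), ('o''brien', 'ob@example.test')");
    return $pdo;
}

// The handle is passed in explicitly and the value is bound as a parameter,
// so nothing depends on an implicit "last opened link" or on escaping.
function find_customer(PDO $pdo, string $username): ?array
{
    $stmt = $pdo->prepare('SELECT id, username, email FROM Customers WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// htmlspecialchars() encodes for HTML output, so it runs when printing,
// not on the value used for the database lookup.
function render_row(?array $row): string
{
    if ($row === null) {
        return "no match\n";
    }
    return htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8') . ' - '
         . htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8') . "\n";
}

$pdo = open_db();
// Constructed inputs: a plain name, a name containing a quote, and a string
// with SQL metacharacters that must be treated as data only.
foreach (['amy', "o'brien", "x' OR '1'='1"] as $input) {
    echo render_row(find_customer($pdo, $input));
}
```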