Solved

problem with real_escape_string on remote server

Posted on 2013-02-03
24
204 Views
Last Modified: 2013-02-17
hi
first, on my local machine this code works exactly as expected. but on remote server i get the error:
mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)

at some point in my application i have this call:
$alts = sanitize_array($_POST[ 'allalts' ]);

Open in new window


the function is very simple:
function sanitize_array($array)
{
                     $sanitize = array_map(
                             'strip_tags' ,
                             array_map(
                                     'mysql_real_escape_string',
                                             $array
                                     )
                             );
                     return $sanitize;
}

Open in new window


since i do get and work with my database on the remote server i do not get why i get this error.

what am i missing here?
0
Comment
Question by:derrida
  • 12
  • 6
  • 6
24 Comments
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
'mysql_real_escape_string' is a function, not data you can put in an array.  http://php.net/manual/en/function.mysql-real-escape-string.php  In order to use it, you also have to open the connection to the database first.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
I just re-read your question.  It sounds like you haven't changed the host name to that of the remote host because you're getting a 'localhost' error.
0
 
LVL 1

Author Comment

by:derrida
Comment Utility
but my ini file does use the remote server and all else does connect to the database correctly.
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
... does connect to the database correctly
How do you know that?  Here is a teaching example showing how to connect to a MySQL server and how to detect a connect/select error.  Put your own credentials in lines 25-29 and run it to see the script in action.

<?php // RAY_EE_mysql_example.php
ini_set('display_errors', TRUE);
error_reporting(E_ALL);
echo '<pre>';


// WORTH READING
// http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/

// THE ABSOLUTE MINIMUM YOU MUST UNDERSTAND TO USE PHP AND MYSQL
// MAN PAGE: http://php.net/manual/en/ref.mysql.php
// MAN PAGE: http://php.net/manual/en/mysql.installation.php
// MAN PAGE: http://php.net/manual/en/function.mysql-connect.php
// MAN PAGE: http://php.net/manual/en/function.mysql-select-db.php
// MAN PAGE: http://php.net/manual/en/function.mysql-real-escape-string.php
// MAN PAGE: http://php.net/manual/en/function.mysql-query.php
// MAN PAGE: http://php.net/manual/en/function.mysql-errno.php
// MAN PAGE: http://php.net/manual/en/function.mysql-error.php
// MAN PAGE: http://php.net/manual/en/function.mysql-num-rows.php
// MAN PAGE: http://php.net/manual/en/function.mysql-fetch-array.php
// MAN PAGE: http://php.net/manual/en/function.mysql-fetch-assoc.php
// MAN PAGE: http://php.net/manual/en/function.mysql-fetch-object.php
// MAN PAGE: http://php.net/manual/en/function.mysql-insert-id.php

// DATABASE CONNECTION AND SELECTION VARIABLES - GET THESE FROM YOUR HOSTING COMPANY
$db_host = "localhost"; // PROBABLY THIS IS OK
$db_name = "??";
$db_user = "??";
$db_word = "??";

// OPEN A CONNECTION TO THE DATA BASE SERVER
if (!$dbcon = mysql_connect("$db_host", "$db_user", "$db_word"))
{
    $err = mysql_errno() . ' ' . mysql_error();
    echo "<br/>NO DB CONNECTION TO $db_host: ";
    echo "<br/> $err <br/>";
}

// SELECT THE MYSQL DATA BASE
if (!mysql_select_db($db_name, $dbcon))
{
    $err = mysql_errno() . ' ' . mysql_error();
    echo "<br/>NO DB SELECTION to $db_name: ";
    echo "<br/> $err <br/>";
    die('NO DATA BASE');
}
// IF THE SCRIPT GETS THIS FAR IT CAN DO QUERIES
var_dump($dbcon);

Open in new window

HTH, ~Ray
0
 
LVL 1

Author Comment

by:derrida
Comment Utility
hi ray
i know it since other contect and crud operation does work.
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
Please put your own credentials in lines 25-29, then install that script on both your localhost and on your remote server.  Then run it and post both outputs back here so we can see the results of the var_dump() on the last line.  Thanks, ~Ray
0
 
LVL 1

Author Comment

by:derrida
Comment Utility
hi ray
 this is my output:

locally: resource(3) of type (mysql link)

remote server: resource(2) of type (mysql link)
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
Wonder why the resource number is different?  In any case, here is the next test.

<?php // RAY_temp_derrida.php
ini_set('display_errors', TRUE);
error_reporting(E_ALL);
echo '<pre>';


// WORTH READING
// http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/

// THE ABSOLUTE MINIMUM YOU MUST UNDERSTAND TO USE PHP AND MYSQL
// MAN PAGE: http://php.net/manual/en/ref.mysql.php
// MAN PAGE: http://php.net/manual/en/mysql.installation.php
// MAN PAGE: http://php.net/manual/en/function.mysql-connect.php
// MAN PAGE: http://php.net/manual/en/function.mysql-select-db.php
// MAN PAGE: http://php.net/manual/en/function.mysql-real-escape-string.php
// MAN PAGE: http://php.net/manual/en/function.mysql-query.php
// MAN PAGE: http://php.net/manual/en/function.mysql-errno.php
// MAN PAGE: http://php.net/manual/en/function.mysql-error.php
// MAN PAGE: http://php.net/manual/en/function.mysql-num-rows.php
// MAN PAGE: http://php.net/manual/en/function.mysql-fetch-array.php
// MAN PAGE: http://php.net/manual/en/function.mysql-fetch-assoc.php
// MAN PAGE: http://php.net/manual/en/function.mysql-fetch-object.php
// MAN PAGE: http://php.net/manual/en/function.mysql-insert-id.php

// DATABASE CONNECTION AND SELECTION VARIABLES - GET THESE FROM YOUR HOSTING COMPANY
$db_host = "localhost"; // PROBABLY THIS IS OK
$db_name = "??";
$db_user = "??";
$db_word = "??";

// OPEN A CONNECTION TO THE DATA BASE SERVER
if (!$dbcon = mysql_connect("$db_host", "$db_user", "$db_word"))
{
    $err = mysql_errno() . ' ' . mysql_error();
    echo "<br/>NO DB CONNECTION TO $db_host: ";
    echo "<br/> $err <br/>";
}

// SELECT THE MYSQL DATA BASE
if (!mysql_select_db($db_name, $dbcon))
{
    $err = mysql_errno() . ' ' . mysql_error();
    echo "<br/>NO DB SELECTION to $db_name: ";
    echo "<br/> $err <br/>";
    die('NO DATA BASE');
}
// IF THE SCRIPT GETS THIS FAR IT CAN DO QUERIES
var_dump($dbcon);

// USE THE ESCAPE FUNCTION
$x = mysql_real_escape_string("O'Reilly");
var_dump($x);

Open in new window

I will be in the classroom teaching all day, but I will check back this afternoon. Best regards, ~Ray
0
 
LVL 1

Author Comment

by:derrida
Comment Utility
hi ray

locally: resource(3) of type (mysql link)
string(9) "O\'Reilly"

remote: resource(2) of type (mysql link)
string(9) "O\'Reilly"
0
 
LVL 1

Author Comment

by:derrida
Comment Utility
never in my life did i have it that on my local machine all works, but once on the remote server so many issues.
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
Well, we know that the connection is working and the function is working.  Who is the hosting company for the remote server?
0
 
LVL 1

Author Comment

by:derrida
Comment Utility
godaddy
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 1

Author Comment

by:derrida
Comment Utility
ray?
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
Comment Utility
Sorry to hear it's GoDaddy.  You will not get much help from them.  I have found in the past that they have overloaded their SQL servers to the point that the MySQL connections sometimes failed.  In my case it was an intermittent failure, that could sometimes be remedied by getting them to move the application to a new server.  This typically required hours on the telephone trying to get their eye on the ball; they seem organically predisposed to deny responsibility for any possible error condition, even when any sensible person could see that the errors were completely the fault of the hosting company.

So we are left with a couple of options.  In your script, does the error always occur with very high repeatability?  If the little test script runs correctly every time and your script fails every time, it would seem that we need to begin reducing your script to the SSCCE that demonstrates the failure.  However if your script is failing intermittently, then your choices are (1) leave GoDaddy and move to a more professional hosting company or (2) try to get GoDaddy to live up to their responsibility to provide stable and reliable configurations.
0
 
LVL 1

Author Comment

by:derrida
Comment Utility
hi
this is exactly my experience with them at this point.they have support that do nothing and they deny anything can be wrong with them.
i cannot be over the phone with them since i am not from the USA, and it cost a lot.
the error is consistent, and i am at the process of testing very small chanks of code.
the thing is that have built my mvc and checked it a lot on local machine, and i thought that moving to a remote server will cose some issues , but it a huge amount of problems, when locally all works as expected.

until i decide ,can you suggest some good hosting companies? with good support?

thanks
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
I use and am glad to recommend ChiHost.com.   I have also had good experience with Hostgator, BlueHost, DreamHost and LiquidWeb.  I try to avoid GoDaddy and SiteGround.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
For what it's worth, this runs perfectly on both Linux and Windows hosting on Godaddy with PHP 5.2.17 on both.
<?php 
include_once("db.php");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<title>PHP array_map</title>
</head>
<body>
<h1>PHP array_map</h1>
<?php 
function sanitize_array($array) {
	$sanitize = array_map('strip_tags', array_map('mysql_real_escape_string', $array));
return $sanitize;
}

$arrayz = array("<p>This is O'Reilly.</p>","That's not.","Your's isn't right.");
echo "<pre>";
var_dump($arrayz);
echo "<br>&nbsp;<br>";
var_dump(sanitize_array($arrayz));
echo "</pre>";
?>
</body>
</html>

Open in new window


And this is the results.
array(3) {
  [0]=>
  string(24) "

This is O'Reilly.
"
  [1]=>
  string(11) "That's not."
  [2]=>
  string(19) "Your's isn't right."
}

 
array(3) {
  [0]=>
  string(18) "This is O\'Reilly."
  [1]=>
  string(12) "That\'s not."
  [2]=>
  string(21) "Your\'s isn\'t right."
}

Open in new window

0
 
LVL 1

Author Comment

by:derrida
Comment Utility
i took your code and i still get the error.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
Did you put the code to open your database connection in place of "include_once("db.php");"?  On my site, that is what is in "db.php".
0
 
LVL 1

Author Comment

by:derrida
Comment Utility
hi
well as i said earlier, all my crud operations does work. there is an open connection to the database. and that is working on my local machine without any problems.
it does not make any sense to reconnect again.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
it does not make any sense to reconnect again.

Sorry, it does not work that way.  Every PHP script has to reconnect to the database when it runs because PHP closes the connection at the end of the script whether you tell it to or not.  It does not stay open.

http://www.php.net/manual/en/function.mysql-connect.php

Even if you are using "Persistent Database Connections", you still have to have the 'connect' code in your script for PHP to go find the 'persistent' connection.  Without the 'mysql_connect' function, you do not have a usable connection in your script.

http://www.php.net/manual/en/features.persistent-connections.php
0
 
LVL 1

Author Comment

by:derrida
Comment Utility
i know that. the file that use the connection is included thru all the application and that what makes everything else work.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
I'm confused.  My demo code doesn't run as part of your application.  It needs to make a connection to the database for it to work.  Did you modify it to include your database connection?
0
 
LVL 1

Author Closing Comment

by:derrida
Comment Utility
godaddy sucks
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Popularity Can Be Measured Sometimes we deal with questions of popularity, and we need a way to collect opinions from our clients.  This article shows a simple teaching example of how we might elect a favorite color by letting our clients vote for …
Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now