CODEWITHSUNDEEP
phpmysqlconnectionpdodatabase-connection
CodeTalk
CodeTalk

Reputation: 3667

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user

Html Form Submitted from

<?php
////////////////////////////////////////////////////////////////////////////////////
###### Require Database ######                              ////////////////////////
require_once('src/cfg/dbi.php');

////////////////////////////////////////////////////////////////////////////////////
###### Call Session Functions Include ######                ////////////////////////            
require_once('src/cfg/sess_function.php');                  ////////////////////////
###### Call function as contained in sess_function() ######                       //
session_set_save_handler('_open','_close','_read','_write','_destroy','_clean');  //                            
###### Start session ###### ////////////////////////////////////////////////////////
session_start(); ///////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////



#fullname, email, password
    // Verify input was even provided
if (isset($_POST['fullname']) && isset($_POST['email']) && isset($_POST['password'])) {
    // Clean Input
    $userName = mysql_real_escape_string($_POST['fullname']); 
    $userEmailAddress = mysql_real_escape_string($_POST['email']); 
    $userPassword = mysql_real_escape_string($_POST['password']);

    # hash cleaned pass...
    $dynamSalt = mt_rand(20,9999); 
    $userPassword = hash('sha512',$dynamSalt.$userPassword);

    # connect database, then prepare, and finally perform query…
    #require_once('src/cfg/dbi.php');
    try{
        $dbh = new PDO("mysql:host=$host;dbname=$dbname",$user,$pass);
        $dbh->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );  
        // INSERT CLEAN DATA INTO TABLE…
        $sth = $dbh->prepare("
        INSERT INTO Fan(fanNm,fanEmail,fanPass,fanDynamSalt)
        VALUES('$userName','$userEmailAddress','$userPassword','$dynamSalt')"
        );
        $sth->execute();
        ////////////////////////////////////////////////////////////////////
        ## Set Session Var for this PK ID in Fan table that is being created ##
        ////////////////////////////////////////////////////////////////////
        $_SESSION['newUserSessID'] = $dbh->lastInsertId();

    } //try

    catch(PDOException $e){
            #echo "Oops, We're experiencing an error.INSERTING NEW FAN";
            file_put_contents('/PDODBConnectionErrors.txt', $e->getMessage(), FILE_APPEND);  
    } //catch

}
else{
    // Redirect back to login form
    header('../index.php');
    //*SHOW ERRORS*// 

}

The file dbi.php:

<?php
####### DB Config Setting #######
$host ='localhost'; //////////////
$dbname ='thedatabasesnamehere';//////////
$user ='theuser';      //////////////
$pass ='thepass';          //////////////
/////////////////////////////////
?>

session_function.php - contains 6 sessions functions

    <?php
    function _open()
    {
        try{
            // Open the database
            global $dbname, $host,$user,$pass;
            $dbh = new PDO("mysql:host=$host;dbname=$dbname",$user,$pass);
            $dbh->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );  
            #echo "<DIV STYLE='COLOR:RED;'>"."CONNECTED!!"."</DIV>";
        } //try
        catch(PDOException $e){
            #echo "Oops, We're experiencing an error CONNECTING.";
            file_put_contents('PDODBConnectionErrors.txt', $e->getMessage(), FILE_APPEND);  
        } //catch
    }   

    ## Kill Connection to Mysql (Using PDO) 
    function _close(){
    $dbh = null;
    }

    ## Read a current session 
    function _read($id){
        try{
            // Open the database
            global $dbname,$host,$user,$pass;
            $dbh = new PDO("mysql:host=$host;dbname=$dbname",$user,$pass);
            $dbh->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );  
            // Begin Query
            $id = mysql_real_escape_string($id);
            $sth = $dbh->prepare("SELECT data FROM sessions WHERE id = '$id'");
            $sth->execute();

        }
        catch(PDOException $e){
            #echo "Oops, We're experiencing an error. READING";
            file_put_contents('PDODBConnectionErrors.txt', $e->getMessage(), FILE_APPEND);  
        } //catch

        ## return '';
    }

## + other functions

Getting these warnings/errors when I fill out the 4 html inputs... :

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'fannedup'@'localhost' (using password: NO)  on line 30

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established  on line 30

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started atsess_function.php:30) in on line 12

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started atsess_function.php:30) in on line 12

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'fannedup'@'localhost' (using password: NO) on line 21

Anyone see what I'm doing wrong?? It works perfect on a local machine.. but as soon as I bring it online, it gives me these errors. On the server I have PHP Version 5.2.17 and localhost is 5.3.1 ??

Upvotes: 2

Views: 18677

Answers (2)

prodigitalson
prodigitalson

Reputation: 60413

Youre getting the error because youre trying to use mysql_real_escape_string without an active ext/mysql connection resource for the DB. This is because you're using PDO and so you have only established a PDO connection. The two families of functions are not interchangeable.

WRONG

$id = mysql_real_escape_string($id);
$sth = $dbh->prepare("SELECT data FROM sessions WHERE id = '$id'");
$sth->execute();

CORRECT

$sth = $dbh->prepare("SELECT data FROM sessions WHERE id = ?");
$sth->execute(array($id));

OR you could use named placeholders:

$sth = $dbh->prepare("SELECT data FROM sessions WHERE id = :id");
$sth->execute(array(':id' => $id));

With prepared statements the parameters in the query are escaped internally in the implementation, this is one of the big pluses to using them. If for some reason you DO need to manually escape string parts of a query then you need to use the PDO escaping function PDO::quote

Upvotes: 10

mewm
mewm

Reputation: 1277

You shouldn't use mysql_real_escape_string when your using a data-access abstraction layer like PDO.

Your probably experience erros on your prod as you maybe have another display_errors setting there.

The session warning should be solved by moving session_start(); to the the top of your file, where your using it.

Upvotes: 1

Related Questions