All geek questions in one place

Access error while using mysql_real_escape_string ()

I try to avoid some data before they enter my database, but I keep getting this error:

Warning: mysql_real_escape_string(): Access denied for user

Now this usually assumes that I have not connected to the database (it also indicates (using password: NO)).

I was a little confused by this because when I connect to the database I have a "die" clause, so if it cannot contact, I will talk about it. So I tested this theory by executing a simple query in the same function that im is trying to avoid data, and this works fine.

So why on earth the escape method will not work or get a connection to the database. I noticed that the user that the error points to is not the user I use to access the database, something like "www-data @localhost". Can he try to log in with another user, if so, why and how? Since the escape function works very well in another area of ​​my website, and I did not do anything special to make it work, I just added the code to my web page.

thanks for the help.

Are there other ways to clear my code?

Okay, so when we submit the form, I use AJAX to collect the data and put it in obj for publication (JSON coding) for the first PHP script, which is located here:

http://codepad.org/kGPljN4I

This script checks all the data and then calls a function to add to the database

this Mysql class is called to delete the data, and then adds a new record to the database, when the class instance is created, it makes a connection to the database:

http://codepad.org/wwGNrTJm

The third file for constants, it contains information for the database, for example pass, user, etc.:

http://codepad.org/dl0QQbi9

it's better?

Thanks again for the help.

+4
source share
3 answers

The problem is that you made the connection using MySQLi , but then you call mysql_real_escape_string() . You intend to call mysqli_real_escape_string() either in a procedural context or in an object-oriented context.

 class Mysql { private $conn; function __construct() { $this->conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or die('No Connection to database!'); } function add_non_member($data) { $email = $data->email; // Procedural call $san_email = mysqli_real_escape_string($this->conn, $email); // Or OO call (recommended) $san_email = $this->conn->real_escape_string($email); // etc... } // etc...; }
+9
source

You mix ext / mysqli

 $this->conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME

with ext / mysql functions:

 $san_email = mysql_real_escape_string($email);

what the last line should be

 $san_email = $this->conn->real_escape_string($email);
+3
source

I also received this warning about denied access and I was able to find a solution. The problem is that I did not establish a mysql db connection before calling the mysql_real_escape_string function.

Decision:

  • First call mysql_connect ($ host, $ user, $ password) (or you can call the database connection function).
  • Then use mysql_real_escape_string ($ var)
0
source

Source: https://habr.com/ru/post/1399359/

More articles:


All Articles