All geek questions in one place

PHP mysql_real_escape_string (): Access denied for user 'www-data' @ 'localhost'

I just uploaded my website to a production server and I got an error:

Warning: mysql_real_escape_string(): Access denied for user 'www-data'@'localhost' (using password: NO) in file.php on line 106 Warning: mysql_real_escape_string(): A link to the server could not be established in file.php on line 106

function code

 include('./../inc/conn.php'); if(isset($_GET['query']))$q = clean($_GET['query']); function clean($var){ return(mysql_real_escape_string($var)); }

code inc / conn.php:

 try { $dns = 'mysql:host=localhost;dbname=mydatabase'; $user = 'root'; $pw = 'rootpw'; $options = array( PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8", PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION ); $db = new PDO( $dns, $user, $pw, $options ); } catch ( Exception $e ) { echo "Connection error : ", $e->getMessage(); die(); }

I really don't know what is going on since I have no problem on my local ubuntu dev server. The version of Mysql, apache and php are the same. The only thing I use is a virtual host on the apache proxy server. I don’t know what is happening ... Is there something I missed in one of the apache or php configurations?

Edit Here are my rights to the folder:

 sudo ls -l /home/user/public/domain.com/www/ total 28 drwxrwxr-x 13 user www-data 4096 Aug 22 12:30 adodb5 drwxrwxr-x 2 user www-data 4096 Aug 22 12:30 ajax drwxrwxr-x 2 user www-data 4096 Aug 22 12:31 css drwxrwxr-x 9 user www-data 4096 Aug 22 12:33 gfx drwxrwxr-x 2 user www-data 4096 Aug 22 12:33 inc drwxrwxr-x 2 user www-data 4096 Aug 22 12:34 js

my apache virtual host configuration

 <VirtualHost *:80> # Admin email, Server Name (domain name), and any aliases ServerAdmin contact@domain.com ServerName www.domain.com ServerAlias domain.com # Index file and Document Root (where the public files are located) DirectoryIndex index.html index.php DocumentRoot /home/user/public/domain.com/www <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /home/user/public/domain.com/www> Options FollowSymLinks AllowOverride All Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> # Log file locations LogLevel warn ErrorLog /home/user/public/domain.com/log/error.log CustomLog /home/user/public/domain.com/log/access.log combined </VirtualHost>

Edit 2

Ok, so the problem was that I did not have www data users on mysql server. So I just added user www data without password and no privileges in mysql, and it works fine. I will be trying to use a PDO quote in the future, as many mention. Thanks to everyone who is trying to help me.

+4
source share
5 answers

Please note that this answer is horrible and exposes you to security vulnerabilities. This is the wrong decision. Do not do it. See the actual solution to the problem below. The fact that this answer is accepted means that two people did not know what they were doing.

This is because you do not have www data in the mysql database!

You can add www-data user via phpmyadmin and give this user no privileges and it should work

-thirteen
source

You are using PDO or using the mysql extension, do not use both at the same time. mysql_real_escape_string is a mysql extension function. To work requires a connection to the database. When called, it tries to establish a connection if one has not previously been established using mysql_connect , taking into account the necessary credentials. On your local computer, you apparently do not have password protection, and the account name for the MySQL user is the same as the name of the web server, so this, fortunately, works. In the production system, the credentials are different and cannot establish a connection.

Stop using mysql_real_escape_string with PDO. Either use the functions of PDO string quotes, or, better, use prepared and parameterized queries and bind your values .

+11
source

mysql_real_escape_string needs a valid link id ( mysql_connect() returned), see http://php.net/manual/en/function.mysql-real-escape-string.php

link_identifier: MySQL connection. If no link identifier is specified, the last link assumed by mysql_connect() assumed. If no such link is found, it will try to create one as if mysql_connect() was called without arguments. If the connection is not found or not established, an error of level E_WARNING is generated.

Your connection is opened by PDO, so you do not have a valid link identifier for mysql_real_escape_string .

Try using PDO::quote

+3
source

I had the same problem when trying to change user search in the Wordpress backend, and the missing thing was the proper db connection (also mysql_real_escape_string () was deprecated). Globals are defined in wp-config.php.

This is a working function. Note the $ con variable. A more detailed description is here .

 if(is_admin()) { add_action( 'pre_user_query', 'user_search_by_email' ); function user_search_by_email($wp_user_query) { if(false === strpos($wp_user_query->query_where, '@') && !empty($_GET["s"])) { $con = mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME); $wp_user_query->query_where = str_replace( "user_nicename LIKE '%".mysqli_real_escape_string($con, $_GET["s"])."%'", "user_nicename LIKE '%".mysqli_real_escape_string($con, $_GET["s"])."%' OR user_email LIKE '%".mysqli_real_escape_string($con, $_GET["s"])."%'", $wp_user_query->query_where); mysqli_close($con); } return $wp_user_query; } }
+1
source

This problem occurs when database connections are established in mysqli, to solve this problem and use mysql_real_escape_string (), even if mysqli is installed. Just go to php.ini and find: mysql.default_user and set the default value for the user, for example: mysql.default_user = root

and restart apache, your problem is solved now. enjoy

+1
source

Source: https://habr.com/ru/post/1498358/

More articles:


All Articles