Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user
Solution 1
You're getting the error because you're trying to use mysql_real_escape_string without an active ext/mysql connection resource for the DB. This is because you're using PDO and so you have only established a PDO connection. The two families of functions are not interchangeable.
WRONG
$id = mysql_real_escape_string($id);
$sth = $dbh->prepare("SELECT data FROM sessions WHERE id = '$id'");
$sth->execute();
CORRECT
$sth = $dbh->prepare("SELECT data FROM sessions WHERE id = ?");
$sth->execute(array($id));
OR you could use named placeholders:
$sth = $dbh->prepare("SELECT data FROM sessions WHERE id = :id");
$sth->execute(array(':id' => $id));
With prepared statements the parameters in the query are escaped internally in the implementation; this is one of the big pluses to using them. If for some reason you DO need to manually escape string parts of a query, then you need to use the PDO escaping function PDO::quote.
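The placeholder forms from this answer applied to the question's two queries, as an added example that is not part of the original answer. It assumes the pdo_sqlite driver and uses an in-memory SQLite database with a constructed schema and constructed inputs so it runs without a MySQL server; readSession and insertFan are hypothetical names.

```php
<?php
// Added example: constructed schema and data in an in-memory SQLite database
// (assumption: pdo_sqlite is enabled), standing in for the MySQL connection.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec("CREATE TABLE sessions (id TEXT PRIMARY KEY, data TEXT)");
$dbh->exec("CREATE TABLE Fan (fanNm TEXT, fanEmail TEXT, fanPass TEXT, fanDynamSalt TEXT)");
$dbh->exec("INSERT INTO sessions (id, data) VALUES ('abc123', 'cart=3')");

// Session read with a positional placeholder: no mysql_* call, no manual escaping.
function readSession(PDO $dbh, $id)
{
    $sth = $dbh->prepare("SELECT data FROM sessions WHERE id = ?");
    $sth->execute(array($id));
    $data = $sth->fetchColumn();
    // A session read handler must return a string, '' when nothing is stored.
    return $data === false ? '' : $data;
}

// The question's INSERT with named placeholders instead of interpolated variables.
function insertFan(PDO $dbh, $name, $email, $passHash, $salt)
{
    $sth = $dbh->prepare(
        "INSERT INTO Fan (fanNm, fanEmail, fanPass, fanDynamSalt)
         VALUES (:name, :email, :pass, :salt)"
    );
    $sth->execute(array(
        ':name' => $name, ':email' => $email, ':pass' => $passHash, ':salt' => $salt,
    ));
    return $dbh->lastInsertId();
}

// Constructed inputs containing quote characters.
$trickyId = "abc123' OR '1'='1";
var_dump(readSession($dbh, 'abc123'));   // looks up the existing session row
var_dump(readSession($dbh, $trickyId));  // whole string is bound as one literal id

$newId = insertFan($dbh, "Conan O'Brien", 'fan@example.com', 'constructed-hash', '1234');
$row = $dbh->query("SELECT fanNm FROM Fan")->fetch(PDO::FETCH_ASSOC);
var_dump($newId, $row['fanNm']);         // name is stored exactly as submitted

// PDO::quote() returns the value escaped and already wrapped in quotes for this driver.
echo $dbh->quote("O'Brien"), "\n";
```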
Solution 2
You shouldn't use mysql_real_escape_string when you're using a data-access abstraction layer like PDO.
You're probably experiencing errors on your prod as you may have another display_errors setting there.
The session warning should be solved by moving session_start(); to the top of your file, where you're using it.
CodeTalk
Updated on June 05, 2022
Html Form Submitted from
<?php
////////////////////////////////////////////////////////////////////////////////////
###### Require Database ###### ////////////////////////
require_once('src/cfg/dbi.php');
////////////////////////////////////////////////////////////////////////////////////
###### Call Session Functions Include ###### ////////////////////////
require_once('src/cfg/sess_function.php');
//////////////////////// ###### Call function as contained in sess_function() ###### //
session_set_save_handler('_open','_close','_read','_write','_destroy','_clean'); //
###### Start session ###### ////////////////////////////////////////////////////////
session_start(); ///////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////
#fullname, email, password
// Verify input was even provided
if (isset($_POST['fullname']) && isset($_POST['email']) && isset($_POST['password'])) {
    // Clean Input
    $userName = mysql_real_escape_string($_POST['fullname']);
    $userEmailAddress = mysql_real_escape_string($_POST['email']);
    $userPassword = mysql_real_escape_string($_POST['password']);
    # hash cleaned pass...
    $dynamSalt = mt_rand(20,9999);
    $userPassword = hash('sha512',$dynamSalt.$userPassword);
    # connect database, then prepare, and finally perform query…
    #require_once('src/cfg/dbi.php');
    try{
        $dbh = new PDO("mysql:host=$host;dbname=$dbname",$user,$pass);
        $dbh->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
        // INSERT CLEAN DATA INTO TABLE…
        $sth = $dbh->prepare("
            INSERT INTO Fan(fanNm,fanEmail,fanPass,fanDynamSalt)
            VALUES('$userName','$userEmailAddress','$userPassword','$dynamSalt')"
        );
        $sth->execute();
        ////////////////////////////////////////////////////////////////////
        ## Set Session Var for this PK ID in Fan table that is being created ##
        ////////////////////////////////////////////////////////////////////
        $_SESSION['newUserSessID'] = $dbh->lastInsertId();
    } //try
    catch(PDOException $e){
        #echo "Oops, We're experiencing an error.INSERTING NEW FAN";
        file_put_contents('/PDODBConnectionErrors.txt', $e->getMessage(), FILE_APPEND);
    } //catch
}
else{
    // Redirect back to login form
    header('../index.php');
    //*SHOW ERRORS*//
}
The file dbi.php:
<?php
####### DB Config Setting #######
$host ='localhost'; //////////////
$dbname ='thedatabasesnamehere';//////////
$user ='theuser'; //////////////
$pass ='thepass'; //////////////
/////////////////////////////////
?>
session_function.php - contains 6 sessions functions
<?php
function _open() {
    try{
        // Open the database
        global $dbname, $host,$user,$pass;
        $dbh = new PDO("mysql:host=$host;dbname=$dbname",$user,$pass);
        $dbh->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
        #echo "<DIV STYLE='COLOR:RED;'>"."CONNECTED!!"."</DIV>";
    } //try
    catch(PDOException $e){
        #echo "Oops, We're experiencing an error CONNECTING.";
        file_put_contents('PDODBConnectionErrors.txt', $e->getMessage(), FILE_APPEND);
    } //catch
}
## Kill Connection to Mysql (Using PDO)
function _close(){
    $dbh = null;
}
## Read a current session
function _read($id){
    try{
        // Open the database
        global $dbname,$host,$user,$pass;
        $dbh = new PDO("mysql:host=$host;dbname=$dbname",$user,$pass);
        $dbh->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
        // Begin Query
        $id = mysql_real_escape_string($id);
        $sth = $dbh->prepare("SELECT data FROM sessions WHERE id = '$id'");
        $sth->execute();
    }
    catch(PDOException $e){
        #echo "Oops, We're experiencing an error. READING";
        file_put_contents('PDODBConnectionErrors.txt', $e->getMessage(), FILE_APPEND);
    } //catch
    ## return '';
}
## + other functions
Getting these warnings/errors when I fill out the 4 html inputs... :
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'fannedup'@'localhost' (using password: NO) on line 30
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established on line 30
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started atsess_function.php:30) in on line 12
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started atsess_function.php:30) in on line 12
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'fannedup'@'localhost' (using password: NO) on line 21
Anyone see what I'm doing wrong? It works perfectly on a local machine, but as soon as I bring it online, it gives me these errors. On the server I have PHP Version 5.2.17 and localhost is 5.3.1.