1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

warning in mysql_real_escape_string

Discussion in 'PHP' started by newphpcoder, May 10, 2011.

  1. newphpcoder

    newphpcoder New Member

    Joined:
    Sep 24, 2010
    Messages:
    101
    Likes Received:
    0
    Trophy Points:
    0
    Occupation:
    Web Programmer
    Location:
    Philippines
    Good day!

    I am new in template in php like calling the .html webpage in php and I encountered warning in mysql_real_escape_string

    here is my code:
    PHP:
    <?php
    error_reporting
    (E_ERROR E_WARNING E_PARSE);
    include(
    'includes/config.sender.php');
    include(
    'includes/template.inc');


    session_start();

      if (isset(
    $_SESSION['logged_in'])) {
         
    header('Location:machine1.php');
         die();
      }


     if (isset(
    $_POST['submit'])) {
        
    $username=$_POST['username']; 
        
    $password=$_POST['password'];


        
    $username mysql_real_escape_string($username);
        
    $password mysql_real_escape_string(sha1($password));
        
        
    //$username = $_DB->getEscaped($username);
        //$password = $_DB->getEscaped(sha1($password));


        //mysql_query("UPDATE machine_problem_rhoda_user SET password = '$password' WHERE username = '$username'");
        
        
    $sql_update "UPDATE machine_problem_rhoda_user SET 
                        password = '
    $password', 
                   WHERE username = '
    $username'";
        
        
    $sql_select "SELECT
                        username,
                        password
                   FROM
                        machine_problem_rhoda_user
                   WHERE
                           username='
    $username'
                        AND
                        password='
    $password'
                        "
    ;
                        
        
    $result $_DB->opendb($sql_select);

        
    $result=mysql_query($sql_select);
        
        
    $count=mysql_num_rows($result);

        if(
    $count==1){  
            
    $_SESSION['logged_in'] = true;
            
    header("location:machine1.php");
        }
        else {
        echo 
    "<center>";
        echo 
    "Wrong Username or Password";
        echo 
    "</center>";
        }
    }

    $tpl = new Template('.''keep');
    $tpl->set_file(array('handle' => 'html/index.html'));
    $tpl->parse('handle', array('handle'));
    $tpl->p('handle');
    ?>
    And I got this warning:

    Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in /opt/zeva/releases/ZEVA.sandbox/machine_problem/rhoda/index.php on line 20

    Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /opt/zeva/releases/ZEVA.sandbox/machine_problem/rhoda/index.php on line 20

    Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in /opt/zeva/releases/ZEVA.sandbox/machine_problem/rhoda/index.php on line 21

    Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /opt/zeva/releases/ZEVA.sandbox/machine_problem/rhoda/index.php on line 21
     
  2. pein87

    pein87 New Member

    Joined:
    Aug 6, 2010
    Messages:
    173
    Likes Received:
    47
    Trophy Points:
    0
    Occupation:
    Web Dev
    Location:
    Limbo
    Your not opening a MySQL connection is why there is that error. MySQL's engine does the escaping not php which is why its mysql_real_escape_string(); also try error suppression so you can test it via if statement and display your desired error message. Make a new .php file and name it dbconfig.php set your database connection in it and include it in this file. You could also use a simple php CRUD implementation to since your queries are fairly simple it would save you in code time. try these orm to help speed your code up and simplify it to.

    ORM
    http://www.propelorm.org/

    Framework
    http://www.akelos.org/

    or new file
    PHP:
    <?php

    //database config
    $DB['host'] = 'localhost';
    $DB['port'] = 36;
    $DB['username'] = 'root';
    $DB['password'] = '';

    if(
    $DB[port] == NULL || $DB[port] == 36)
    {

    $DBCONN = @mysql_connect($DB[host],$DB[username],$DB[password]);
    $DBSELECT = @mysql_select_db("table_here",$DBCONN);
    if(!
    $DBCONN)
    {

    echo 
    "Could not connect to database";

    }
    if(!
    $DBSELECT)
    {

    echo 
    "could not select that database";

    }


    }
    else
    {

    $DBCONN = @mysql_connect($DB[host] . ":" $DB[port],$DB[username],$DB[password]);
    $DBSELECT = @mysql_select_db("table_here",$DBCONN);
    if(!
    $DBCONN)
    {

    echo 
    "Could not connect to database";

    }
    if(!
    $DBSELECT)
    {

    echo 
    "could not select that database";

    }

    }




    ?>
    this way is bad since your fixed with just one table but you get the gist of it right? This keep a connection open and you could just remove the select db or use a new one as an override.
     
  3. underground_devil

    underground_devil New Member

    Joined:
    Jan 24, 2011
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    0
    Occupation:
    PHP developer ,trainer
    Location:
    Punjab
    better to use trim(htmlspecialchars(value)) instead of mysql_real_escape_string function
     
  4. tuyenthanhnet

    tuyenthanhnet New Member

    Joined:
    Jun 25, 2011
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    0
    mysql server died
     

Share This Page