Go4Expert

Go4Expert (http://www.go4expert.com/)
-   PHP (http://www.go4expert.com/forums/php/)
-   -   warning in mysql_real_escape_string (http://www.go4expert.com/forums/warning-in-mysqlrealescapestring-t25748/)

newphpcoder 10May2011 18:50

warning in mysql_real_escape_string
 
Good day!

I am new in template in php like calling the .html webpage in php and I encountered warning in mysql_real_escape_string

here is my code:
PHP Code:

<?php
error_reporting
(E_ERROR E_WARNING E_PARSE);
include(
'includes/config.sender.php');
include(
'includes/template.inc');


session_start();

  if (isset(
$_SESSION['logged_in'])) {
     
header('Location:machine1.php');
     die();
  }


 if (isset(
$_POST['submit'])) {
    
$username=$_POST['username']; 
    
$password=$_POST['password'];


    
$username mysql_real_escape_string($username);
    
$password mysql_real_escape_string(sha1($password));
    
    
//$username = $_DB->getEscaped($username);
    //$password = $_DB->getEscaped(sha1($password));


    //mysql_query("UPDATE machine_problem_rhoda_user SET password = '$password' WHERE username = '$username'");
    
    
$sql_update "UPDATE machine_problem_rhoda_user SET 
                    password = '
$password', 
               WHERE username = '
$username'";
    
    
$sql_select "SELECT
                    username,
                    password
               FROM
                    machine_problem_rhoda_user
               WHERE
                       username='
$username'
                    AND
                    password='
$password'
                    "
;
                    
    
$result $_DB->opendb($sql_select);

    
$result=mysql_query($sql_select);
    
    
$count=mysql_num_rows($result);

    if(
$count==1){  
        
$_SESSION['logged_in'] = true;
        
header("location:machine1.php");
    }
    else {
    echo 
"<center>";
    echo 
"Wrong Username or Password";
    echo 
"</center>";
    }
}

$tpl = new Template('.''keep');
$tpl->set_file(array('handle' => 'html/index.html'));
$tpl->parse('handle', array('handle'));
$tpl->p('handle');
?>

And I got this warning:

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in /opt/zeva/releases/ZEVA.sandbox/machine_problem/rhoda/index.php on line 20

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /opt/zeva/releases/ZEVA.sandbox/machine_problem/rhoda/index.php on line 20

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in /opt/zeva/releases/ZEVA.sandbox/machine_problem/rhoda/index.php on line 21

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /opt/zeva/releases/ZEVA.sandbox/machine_problem/rhoda/index.php on line 21

pein87 11May2011 07:26

Re: warning in mysql_real_escape_string
 
Your not opening a MySQL connection is why there is that error. MySQL's engine does the escaping not php which is why its mysql_real_escape_string(); also try error suppression so you can test it via if statement and display your desired error message. Make a new .php file and name it dbconfig.php set your database connection in it and include it in this file. You could also use a simple php CRUD implementation to since your queries are fairly simple it would save you in code time. try these orm to help speed your code up and simplify it to.

ORM
http://www.propelorm.org/

Framework
http://www.akelos.org/

or new file
PHP Code:

<?php

//database config
$DB['host'] = 'localhost';
$DB['port'] = 36;
$DB['username'] = 'root';
$DB['password'] = '';

if(
$DB[port] == NULL || $DB[port] == 36)
{

$DBCONN = @mysql_connect($DB[host],$DB[username],$DB[password]);
$DBSELECT = @mysql_select_db("table_here",$DBCONN);
if(!
$DBCONN)
{

echo 
"Could not connect to database";

}
if(!
$DBSELECT)
{

echo 
"could not select that database";

}


}
else
{

$DBCONN = @mysql_connect($DB[host] . ":" $DB[port],$DB[username],$DB[password]);
$DBSELECT = @mysql_select_db("table_here",$DBCONN);
if(!
$DBCONN)
{

echo 
"Could not connect to database";

}
if(!
$DBSELECT)
{

echo 
"could not select that database";

}

}




?>

this way is bad since your fixed with just one table but you get the gist of it right? This keep a connection open and you could just remove the select db or use a new one as an override.

underground_devil 14May2011 10:20

Re: warning in mysql_real_escape_string
 
better to use trim(htmlspecialchars(value)) instead of mysql_real_escape_string function

tuyenthanhnet 26Jun2011 09:48

Re: warning in mysql_real_escape_string
 
mysql server died


All times are GMT +5.5. The time now is 00:22.