Go4Expert - warning in mysql_real_escape

Go4Expert (http://www.go4expert.com/)

- PHP (http://www.go4expert.com/forumdisplay.php?f=26)

- - warning in mysql_real_escape_string (http://www.go4expert.com/showthread.php?t=25748)

warning in mysql_real_escape_string

Good day!

I am new in template in php like calling the .html webpage in php and I encountered warning in mysql_real_escape_string

here is my code:

PHP Code:


		
			
<?php
error_reporting(E_ERROR | E_WARNING | E_PARSE);
include('includes/config.sender.php');
include('includes/template.inc');


session_start();

  if (isset($_SESSION['logged_in'])) {
     header('Location:machine1.php');
     die();
  }


 if (isset($_POST['submit'])) {
    $username=$_POST['username']; 
    $password=$_POST['password'];


    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string(sha1($password));
    
    //$username = $_DB->getEscaped($username);
    //$password = $_DB->getEscaped(sha1($password));


    //mysql_query("UPDATE machine_problem_rhoda_user SET password = '$password' WHERE username = '$username'");
    
    $sql_update = "UPDATE machine_problem_rhoda_user SET 
                    password = '$password', 
               WHERE username = '$username'";
    
    $sql_select = "SELECT
                    username,
                    password
               FROM
                    machine_problem_rhoda_user
               WHERE
                       username='$username'
                    AND
                    password='$password'
                    ";
                    
    $result = $_DB->opendb($sql_select);

    $result=mysql_query($sql_select);
    
    $count=mysql_num_rows($result);

    if($count==1){  
        $_SESSION['logged_in'] = true;
        header("location:machine1.php");
    }
    else {
    echo "<center>";
    echo "Wrong Username or Password";
    echo "</center>";
    }
}

$tpl = new Template('.', 'keep');
$tpl->set_file(array('handle' => 'html/index.html'));
$tpl->parse('handle', array('handle'));
$tpl->p('handle');
?>

And I got this warning:

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in /opt/zeva/releases/ZEVA.sandbox/machine_problem/rhoda/index.php on line 20

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /opt/zeva/releases/ZEVA.sandbox/machine_problem/rhoda/index.php on line 20

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in /opt/zeva/releases/ZEVA.sandbox/machine_problem/rhoda/index.php on line 21

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /opt/zeva/releases/ZEVA.sandbox/machine_problem/rhoda/index.php on line 21

Re: warning in mysql_real_escape_string

Your not opening a MySQL connection is why there is that error. MySQL's engine does the escaping not php which is why its mysql_real_escape_string(); also try error suppression so you can test it via if statement and display your desired error message. Make a new .php file and name it dbconfig.php set your database connection in it and include it in this file. You could also use a simple php CRUD implementation to since your queries are fairly simple it would save you in code time. try these orm to help speed your code up and simplify it to.

ORM
http://www.propelorm.org/

Framework
http://www.akelos.org/

or new file

PHP Code:


		
			
<?php

//database config
$DB['host'] = 'localhost';
$DB['port'] = 36;
$DB['username'] = 'root';
$DB['password'] = '';

if($DB[port] == NULL || $DB[port] == 36)
{

$DBCONN = @mysql_connect($DB[host],$DB[username],$DB[password]);
$DBSELECT = @mysql_select_db("table_here",$DBCONN);
if(!$DBCONN)
{

echo "Could not connect to database";

}
if(!$DBSELECT)
{

echo "could not select that database";

}


}
else
{

$DBCONN = @mysql_connect($DB[host] . ":" . $DB[port],$DB[username],$DB[password]);
$DBSELECT = @mysql_select_db("table_here",$DBCONN);
if(!$DBCONN)
{

echo "Could not connect to database";

}
if(!$DBSELECT)
{

echo "could not select that database";

}

}




?>

this way is bad since your fixed with just one table but you get the gist of it right? This keep a connection open and you could just remove the select db or use a new one as an override.

Re: warning in mysql_real_escape_string

better to use trim(htmlspecialchars(value)) instead of mysql_real_escape_string function

Re: warning in mysql_real_escape_string