Good day! I am new in template in php like calling the .html webpage in php and I encountered warning in mysql_real_escape_string here is my code: PHP: <?phperror_reporting(E_ERROR | E_WARNING | E_PARSE);include('includes/config.sender.php');include('includes/template.inc');session_start(); if (isset($_SESSION['logged_in'])) { header('Location:machine1.php'); die(); } if (isset($_POST['submit'])) { $username=$_POST['username']; $password=$_POST['password']; $username = mysql_real_escape_string($username); $password = mysql_real_escape_string(sha1($password)); //$username = $_DB->getEscaped($username); //$password = $_DB->getEscaped(sha1($password)); //mysql_query("UPDATE machine_problem_rhoda_user SET password = '$password' WHERE username = '$username'"); $sql_update = "UPDATE machine_problem_rhoda_user SET password = '$password', WHERE username = '$username'"; $sql_select = "SELECT username, password FROM machine_problem_rhoda_user WHERE username='$username' AND password='$password' "; $result = $_DB->opendb($sql_select); $result=mysql_query($sql_select); $count=mysql_num_rows($result); if($count==1){ $_SESSION['logged_in'] = true; header("location:machine1.php"); } else { echo "<center>"; echo "Wrong Username or Password"; echo "</center>"; }}$tpl = new Template('.', 'keep');$tpl->set_file(array('handle' => 'html/index.html'));$tpl->parse('handle', array('handle'));$tpl->p('handle');?> And I got this warning: Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in /opt/zeva/releases/ZEVA.sandbox/machine_problem/rhoda/index.php on line 20 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /opt/zeva/releases/ZEVA.sandbox/machine_problem/rhoda/index.php on line 20 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in /opt/zeva/releases/ZEVA.sandbox/machine_problem/rhoda/index.php on line 21 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /opt/zeva/releases/ZEVA.sandbox/machine_problem/rhoda/index.php on line 21
Your not opening a MySQL connection is why there is that error. MySQL's engine does the escaping not php which is why its mysql_real_escape_string(); also try error suppression so you can test it via if statement and display your desired error message. Make a new .php file and name it dbconfig.php set your database connection in it and include it in this file. You could also use a simple php CRUD implementation to since your queries are fairly simple it would save you in code time. try these orm to help speed your code up and simplify it to. ORM http://www.propelorm.org/ Framework http://www.akelos.org/ or new file PHP: <?php//database config$DB['host'] = 'localhost';$DB['port'] = 36;$DB['username'] = 'root';$DB['password'] = '';if($DB[port] == NULL || $DB[port] == 36){$DBCONN = @mysql_connect($DB[host],$DB[username],$DB[password]);$DBSELECT = @mysql_select_db("table_here",$DBCONN);if(!$DBCONN){echo "Could not connect to database";}if(!$DBSELECT){echo "could not select that database";}}else{$DBCONN = @mysql_connect($DB[host] . ":" . $DB[port],$DB[username],$DB[password]);$DBSELECT = @mysql_select_db("table_here",$DBCONN);if(!$DBCONN){echo "Could not connect to database";}if(!$DBSELECT){echo "could not select that database";}}?> this way is bad since your fixed with just one table but you get the gist of it right? This keep a connection open and you could just remove the select db or use a new one as an override.
