hi
At first
excuse my bad english.
I got many error like this when posting a form data to be insered in database
Warning: mysql_real_escape_string() [Function.Mysql-Real-Escape-String]: Access denied for user 'vndv'@'localhost' (using password: NO) in /www/vndv.com/k/i/d/kidney/htdocs/includes/aplication_en.php on line 16
etc.... because this error was in line 17 , 18 , 19 , 20, 21
When i open my code and for example i had this code in line 16
$process = mysql_real_escape_string(htmlspecialchars($_POST['process'])); and i got an error
When i removed mysql_real like this
$process = htmlspecialchars($_POST['process']);
my code work fine, it connect to the base and insert information into avalable table.
So why mysql_real_escape does not work???????
I need it to protect my site from sql injection
So what s the solution please??????????????????????????????????
Full Version: What's Problem With Mysql_real?
Zymic Webmaster Forums > Zymic Free Web Hosting > Zymic Free Web Hosting - General Discussion & Help
What is your URL?
Have you created a DB User/Password and a DB?
Jacob.
Have you created a DB User/Password and a DB?
Jacob.
QUOTE(NaRzY @ Jul 30 2008, 08:41 AM) 
What is your URL?
Have you created a DB User/Password and a DB?
Jacob.
Have you created a DB User/Password and a DB?
Jacob.
Hi
of course i created a db/ user/password. and it works fine.
The problem is when i add mysql_real_escape_string to variable, i get many error like this : Warning: mysql_real_escape_string() [Function.Mysql-Real-Escape-String]: Access denied for user 'vndv'@'localhost' (using password: NO) in /www/vndv.com/k/i/d/kidney/htdocs/includes/aplication_en.php on line 16
. and all error pointed to lines where i used mysql_real_escape_string
When i removed it, all works fine, without problem
QUOTE(NaRzY @ Jul 30 2008, 04:41 AM)
What is your URL?
wow narzy obviously didn't read the post.
And for the OP, Make sure the mysql settings in your file is right. It's trying to connect with the user vndv without using a password, and thats very wrong.
You need to place 'mysql_real_escape_string' AFTER the database connection has been established.
Throws the warning:
Does not throw the warning (providing connection details are valid):
Throws the warning:
CODE
<?php
$santize = mysql_real_escape_string($_GET['foo']);
?>
$santize = mysql_real_escape_string($_GET['foo']);
?>
Does not throw the warning (providing connection details are valid):
CODE
<?php
mysql_connect('localhost', 'myuser', 'mypassword');
$santize = mysql_real_escape_string($_GET['foo']);
?>
mysql_connect('localhost', 'myuser', 'mypassword');
$santize = mysql_real_escape_string($_GET['foo']);
?>
QUOTE(Bread @ Jul 30 2008, 01:54 PM)
You need to place 'mysql_real_escape_string' AFTER the database connection has been established.
Throws the warning:
Does not throw the warning (providing connection details are valid):
Throws the warning:
CODE
<?php
$santize = mysql_real_escape_string($_GET['foo']);
?>
$santize = mysql_real_escape_string($_GET['foo']);
?>
Does not throw the warning (providing connection details are valid):
CODE
<?php
mysql_connect('localhost', 'myuser', 'mypassword');
$santize = mysql_real_escape_string($_GET['foo']);
?>
mysql_connect('localhost', 'myuser', 'mypassword');
$santize = mysql_real_escape_string($_GET['foo']);
?>
ok i will try it. thanks(i use the post method and not the get)
QUOTE(Bread @ Jul 30 2008, 01:54 PM)
You need to place 'mysql_real_escape_string' AFTER the database connection has been established.
Throws the warning:
Does not throw the warning (providing connection details are valid):
Throws the warning:
CODE
<?php
$santize = mysql_real_escape_string($_GET['foo']);
?>
$santize = mysql_real_escape_string($_GET['foo']);
?>
Does not throw the warning (providing connection details are valid):
CODE
<?php
mysql_connect('localhost', 'myuser', 'mypassword');
$santize = mysql_real_escape_string($_GET['foo']);
?>
mysql_connect('localhost', 'myuser', 'mypassword');
$santize = mysql_real_escape_string($_GET['foo']);
?>
thank s
it s working now
QUOTE(Trippin7464 @ Jul 30 2008, 01:28 PM)
wow narzy obviously didn't read the post.
And for the OP, Make sure the mysql settings in your file is right. It's trying to connect with the user vndv without using a password, and thats very wrong.
And for the OP, Make sure the mysql settings in your file is right. It's trying to connect with the user vndv without using a password, and thats very wrong.
sorry i didn't understund this
wow narzy obviously didn't read the post.
And for the OP...
please excuse my poor english vocabulary
QUOTE(kidney @ Jul 30 2008, 05:29 PM)
wow narzy obviously didn't read the post.
This wasn't meant for you, it was for NaRzY.
QUOTE(kidney @ Jul 30 2008, 05:29 PM)
And for the OP...
and OP means Original Poster (of the thread), so that meant You!
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.