PDA

View Full Version : warning in mysql_real_escape_string



newphpbees
10 May 2011, 08:19 AM
Good day!

I am new in template in php like calling the .html webpage in php and I encountered warning in mysql_real_escape_string

here is my code:


<?php
error_reporting(E_ERROR | E_WARNING | E_PARSE);
include('includes/config.sender.php');
include('includes/template.inc');


session_start();

if (isset($_SESSION['logged_in'])) {
header('Location:machine1.php');
die();
}


if (isset($_POST['submit'])) {
$username=$_POST['username'];
$password=$_POST['password'];


$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string(sha1($password));

//$username = $_DB->getEscaped($username);
//$password = $_DB->getEscaped(sha1($password));


//mysql_query("UPDATE machine_problem_rhoda_user SET password = '$password' WHERE username = '$username'");

$sql_update = "UPDATE machine_problem_rhoda_user SET
password = '$password',
WHERE username = '$username'";

$sql_select = "SELECT
username,
password
FROM
machine_problem_rhoda_user
WHERE
username='$username'
AND
password='$password'
";

$result = $_DB->opendb($sql_select);

$result=mysql_query($sql_select);

$count=mysql_num_rows($result);

if($count==1){
$_SESSION['logged_in'] = true;
header("location:machine1.php");
}
else {
echo "<center>";
echo "Wrong Username or Password";
echo "</center>";
}
}

$tpl = new Template('.', 'keep');
$tpl->set_file(array('handle' => 'html/index.html'));
$tpl->parse('handle', array('handle'));
$tpl->p('handle');
?>


And I got this warning:

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in /opt/zeva/releases/ZEVA.sandbox/machine_problem/rhoda/index.php on line 20

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /opt/zeva/releases/ZEVA.sandbox/machine_problem/rhoda/index.php on line 20

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in /opt/zeva/releases/ZEVA.sandbox/machine_problem/rhoda/index.php on line 21

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /opt/zeva/releases/ZEVA.sandbox/machine_problem/rhoda/index.php on line 21

coiner
10 May 2011, 04:07 PM
mysql_real_escape_string bases its escape on an open connection's encoding settings. If you haven't opened a connection and you use the function it will output this warning. To fix it, simply open the DB connection before calling the function. It looks like you are using a DB helper class to connect so just open the connection with that and then place your escapes after.