Hi Folks - I'm kinda new to PHP, and just started using WAMP. I'm having problems with mysql_real_escape_string.... I know you need a connection established first before using this, and I think I have a connection properly set up. The problem happens when calling the function "GetSQLValueString" to clean up the strings for the query. This line in the function seems to be the trigger: $theValue = mysql_real_escape_string($theValue);
I keep getting:
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'SYSTEM'@'localhost' (using password: NO) in D:\WAMP\www\includes\dbx.php on line 24
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in D:\WAMP\www\includes\dbx.php on line 24
See below for my code and the function it calls...any ideas what I'm doing wrong?
<?php
// Include the database functions
include('../includes/dbx.php');
if (isset($_POST['myForm'])){
    if($_POST["myForm"]==1){
        $ename = $_POST["ename"];
        $ebadge = $_POST["ebadge"];
        $essn = $_POST["essn"];
        if($ename==""){$ename="none";}
        if($ebadge==""){$ebadge=0;}
        if($essn==""){$essn=0;}
        // Check to see if the user is already in the EHO system
        $cnx = new mysqli("localhost","user","password","database");
        $q = sprintf("SELECT * FROM employees WHERE fname LIKE %s OR lname LIKE %s OR badge = %s OR ssn = %s ORDER BY lname",
            GetSQLValueString($ename,"text"),
            GetSQLValueString($ename,"text"),
            GetSQLValueString($ebadge,"int"),
            GetSQLValueString($essn,"int"));
        echo $q;
        $result = $cnx->query($q);
        $row = mysqli_fetch_assoc($result);
        //echo $row['fname'];
        $num_results = $result->num_rows;
    }
}
?>
The PHP function is below:
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
    if (PHP_VERSION < 6) {
        $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
    }
    $theValue = mysql_real_escape_string($theValue);
    switch ($theType) {
        case "text":
            $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
            break;
        case "long":
        case "int":
            $theValue = ($theValue != "") ? intval($theValue) : "NULL";
            break;
        case "double":
            $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
            break;
        case "date":
            $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
            break;
        case "defined":
            $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
            break;
    }
    return $theValue;
}
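
The script opens its connection with mysqli, but mysql_real_escape_string() belongs to the separate mysql_* extension; finding no mysql_* link, it tries to open a default one, which is the 'SYSTEM'@'localhost' (using password: NO) attempt in the warnings. As an added example that is not part of the original post, the same lookup is shown with escaping done on the mysqli link and, preferably, with a prepared statement. The names escapeText() and findEmployees(), the charset and the sample arguments are assumptions; the table, columns and connection placeholders are the ones in the post.

```php
<?php
// Added example, not the poster's code. Needs the same MySQL server as the post.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of warn

// Minimal change: escape on the mysqli link that is actually open.
// escapeText() is a hypothetical helper covering only the "text" case.
function escapeText(mysqli $cnx, $value)
{
    return ($value != "") ? "'" . $cnx->real_escape_string($value) . "'" : "NULL";
}

// Preferred: bind the values, so no escaping or quoting is done by hand.
// findEmployees() is a hypothetical name; the query is the one from the post.
function findEmployees(mysqli $cnx, $ename, $ebadge, $essn)
{
    $stmt = $cnx->prepare(
        "SELECT * FROM employees
         WHERE fname LIKE ? OR lname LIKE ? OR badge = ? OR ssn = ?
         ORDER BY lname"
    );
    $badge = (int) $ebadge; // bind_param() takes variables by reference
    $ssn   = (int) $essn;
    $stmt->bind_param("ssii", $ename, $ename, $badge, $ssn);
    $stmt->execute();
    $result = $stmt->get_result(); // requires the mysqlnd driver
    $rows = array();
    while ($row = $result->fetch_assoc()) {
        $rows[] = $row;
    }
    $stmt->close();
    return $rows;
}

$cnx = new mysqli("localhost", "user", "password", "database"); // placeholders from the post
$cnx->set_charset("utf8"); // assumed charset; real_escape_string() depends on it

// Constructed sample input: the defaults the post uses for empty form fields.
$rows = findEmployees($cnx, "none", 0, 0);
echo count($rows) . " matching row(s)\n";
echo escapeText($cnx, "O'Brien") . "\n"; // quote escaped using the open mysqli link
```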