PHP-MySQL connection for particular module

[bateivan]

Hello,

 

First of all, please, have in mind that I am new in this business.

 

I have a problem connecting with data base in one particular module. That's right.

The rest of the modules can connect to db, update tables with new info but this one is refusing giving me message like this:

 

"Warning: mysql_query() [function.mysql-query]: Access denied for user 'ODBC'@'localhost' (using password: NO) in

D:\Program Files\Apache Software Foundation\Apache2.2\htdocs\login.php on line 17

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in D:\Program Files\Apache Software Foundation\Apache2.2\htdocs\login.php on line 17"

 

 

It is a authentication module and this is the fragment of the code which is giving me a hard time:

 

***********************************************************************************

<?php

include $_SERVER['DOCUMENT_ROOT'].

        '/layout.php';

 

switch($_REQUEST['req']){

 

case "validate":

 

  $validate = mysql_query("SELECT * FROM members

                          WHERE username = '{$_POST['username']}'

                          AND password = md5('{$_POST['password']}')"

                          );

 

etc....

 

***********************************************************************************

 

My platform is WinXP on drive F:\ (I have Win'98 on C:\) and as you can see my program files are on D:\. All this may not be important but I listed anyway.

It is installed Apache 2.2.6 using windows installer, PHP 5.2.6 (I just replaced 5.2.5 hoping to fix the problem), and MySQL 5.0.45.

 

I am using persisten connection which should be on until you restart the server.

I have a file included in every page for connection with MySQL and data base.

PHP manual says that "mysql_query" reuses the existing connection or try to create one if not present (I think, according to the warning is trying to create one).

I had been checking after each step using phpinfo() if the connection is there and it's there but for some reason the above fragment does not work. As I mentioned above the rest of my modules are working fine with mysql.

 

I checked the "php.ini" file. I compared it to "php.ini.recomended" from the .zip distribusion package and they are almost identical exept couple of things for error reporting.

I, also checked FAQ, mail listings and other forums but it does not seem anybody had a similar problem.

 

In one of my tests I included a redundant line for connection just before the problem lines (although, I have included file for connection), as described below, and it worked but my intention is to keep such lines in a separate files and include them in every page instead.

 

***********************************************************************************

.......

 

$link = mysql_pconnect('localhost', 'root', 'testing');

 

 

  $validate = mysql_query("SELECT * FROM members

                          WHERE username = '{$_POST['username']}'

                          AND password = md5('{$_POST['password']}')"

                          );

etc.

***********************************************************************************

 

As I metioned, this is an authentication module and, may be, that's why is behaving diferently from the rest or I need to do some setup changes in "php.ini" which I am not familiar with.

 

If anyone has had simmilar problem I would appreciate his/her input. Please, help me resolve this mistery.

 

[wildteen88]

What file do you keep your connection info in? Is it layout.php?

 

Also when you're dealing with a persisitant connection you should pass the link identifier (in your case $link) to any of the mysql_* functions, which optionally require it, eg: mysql_select_db, mysql_query etc.

[bateivan]

Hello,

 

The file is "database.php".

I include in every page "layout.php" which includes "common.php" and this one includes "database.php".

 

The strangest thing is that the other my modules work fine in this setup. Below I am including file "carmade.php" and "login.php". The fist one works fine like the rest of my modules v.s. "login.php" which does not. This makes me think that is a setup thing of PHP itself.

I am, also, listing my "database.php".

 

carmade.php:

<?php
include $_SERVER['DOCUMENT_ROOT'].
       '/layout.php';

// Quick Login session check   
login_check();
  
switch($_REQUEST['req']){
  // Insert Case
  case "create_carmade":
    myheader("Добавяне на автомобилни марки в списъка");
    
    // Double check form posted values are there
    // before performing INSERT query
    if(!$_POST['car_descr']){
        echo '<p align="center">Липсва информациятя от формата!</p>'.
	 '<p align="center">Моля, използвайте бутона'.
	 'Назад и въведете данните отново!</p>';
	  footer();
        exit();
    }
    
    // Insert Query
    $sql = mysql_query("INSERT INTO carmade
                (car_descr)
                VALUES('{$_POST['car_descr']}')");
                      
    // Insert query results                  
    if(!$sql){
        echo "Грешка при въвеждане на данните:".mysql_error();
    } else {
        
        echo '<p align="center">Марката "'.$_POST['car_descr'].
	 '"е въведена<br/>с номер:'.mysql_insert_id();
        echo '<br /><a href="/admin/carmade.php?req=new_carmade">Искате ли да'.
	 	'въведете друга марка?</a>';
    } 
  break;
  
  // Create car made form case
  case "new_carmade":
     myheader("Въвеждане на нова автомобилна марка");
     include $_SERVER['DOCUMENT_ROOT'].
             '/html/forms/carmade_insert.html';
     footer();
  break;
  
  default:
     myheader("Администриране на списъка с автомобилните марки");
     include $_SERVER['DOCUMENT_ROOT'].
             '/html/carmade_admin.html';
     footer();
  break;
  
}
?>

 

login.php:

<?php
include $_SERVER['DOCUMENT_ROOT'].
       '/layout.php';


switch($_REQUEST['req']){ 
  
case "validate":

  $validate = mysql_query("SELECT * FROM members
                          WHERE username = '{$_POST['username']}'
                          AND password = md5('{$_POST['password']}')"
                          );

  $num_rows = mysql_num_rows($validate);

  if($num_rows == 1){
     while($row = mysql_fetch_assoc($validate)){
        $_SESSION['login'] = true;
        $_SESSION['userid'] = $row['member_id'];
        $_SESSION['first_name'] = $row['first_name'];
        $_SESSION['last_name']  = $row['last_name'];
        $_SESSION['email_address'] = $row['email_address'];
        
        if($row['admin_access'] == 1){
           $_SESSION['admin_access'] = true;
        }
        $login_time = mysql_query("UPDATE members
                      SET last_login=now()
                      WHERE id='{$row['id']}'");
      }
      header("Location: /loggedin.php");
  } else {
     myheader("Входът в административната зона е неуспешен!");
     echo '<p align="center">Входът в страницата не е успешен!</p>';
     echo '<p align="center">Проверете потребителското си '.
          'име и паролата си и опитайте пак или се '.
          'обадете на администратора.</p>';
     footer();
  }
break;

default:
  myheader("Вход!");
     include $_SERVER['DOCUMENT_ROOT'].
             '/html/forms/login_form.html';
  footer();
break;
}
?>

 

 

database.php:

<?php
$link = mysql_pconnect('localhost','root','testing');
$set = mysql_query('SET NAMES CP1251');
$set = mysql_query('SET_COLLATION=CP1251_GENERAL_CI');
mysql_select_db('samek_db', $link) or die(mysql_error());

?>

 

EDITED BY WILDTEEN88: Please use code tags (

) tags when posting code.

 

[wildteen88]

If you echo $link in login.php you should receive a message like the following

Resource id #2

if you do then PHP is connecting to MySQL. The problem is mysql_query is not using the current connection to MySQL. I would recommend you to pass the link-identifier ($link) to mysql_query instead, eg

mysql_query('your query', $link);

 

Also, as a side note I would advise you to sanities any user data ($_GET, $_POST or $_COOKIE) before using it within a mysql query. Failier to do so can allow a malicious user to run SQL Injection attacks on your database, which could result in all your data in your database to be deleted.

[bateivan]

Hello,

 

and thank you for the input. This, definetely, works.

 

About the the side note. As I mentioned earlier, I am new in this, so could you direct me where I can find information about how to sanity my user data. I would appreciate this alot.

 

Regards

[wildteen88]

Search google for SQL Injection and you'll get many articles explaining what it is and how to protect yourself. Here is a great article I used when I learnt how to protect against SQL Injection attacks.

[bateivan]

Thanks a lot, wildteen88.