Hey,

 

I'm currently trying to use the mysql_real_escape_string() function to secure my scripts, but when I apply it to a variable, the variable becomes blank when the query is run.

 

<?php

//Sample of my login script...

$user = mysql_real_escape_string($_POST['username']);
$pass = mysql_real_escape_string($_POST['password']);

//Pass into the function to check the user credentials

$auth = auth_admin($user, $pass);

..........

//The function itself...

function auth_admin($username, $password)
{
    dbconnect();

    echo $query = "SELECT * FROM club_data WHERE username = '" . $username . "' AND password = '" . $password . "'";
    $result = mysql_query($query);

    if (!$result)
    {
        echo "Unable to run query.";
        exit;
    }

    $row = mysql_fetch_row($result);
    $count = $row[10];

    if ($count > 0)
    {
        $clubid = $row[10];
    }
    else
    {
        $clubid = 0;
    }

    return $clubid;
}

?>

 

Now the problem is when I echo the SQL it appears as...

 

SELECT * FROM club_data WHERE username = '' AND password = ''

 

Any help with this would be great as the site has been victim to some SQL attacks recently.

 

Cheers

https://forums.phpfreaks.com/topic/117361-solved-mysql_real_escape_string-issue/

Hi,

 

It came back with...

 


Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/site/www/portal/index.php on line 43

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/site/www/portal/index.php on line 43

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/site/www/portal/index.php on line 44

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/site/www/portal/index.php on line 44

 

Could this be something I need to contact the hosting company about?

Ah I see... didn't know that at all... so would it be better to have it in the actual query itself like this....

 

<?php

dbconnect();

echo $query = "SELECT * FROM club_data WHERE username = '" .mysql_real_escape_string($username) . "' AND password = '" .  mysql_real_escape_string($password) . "'";
$result = mysql_query($query);

?>

 

Would this work too, and is it considered good practice?
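The blank values come from escaping before any connection exists: with no link, mysql_real_escape_string() emits the warnings shown above and returns false, which stringifies to ''. The added example below is not code from the thread; it rebuilds the login check on mysqli so the escaping happens inside the function after dbconnect(), and goes one step further than the thread by adding a prepared-statement variant that has no escaping step to get wrong. The host, credentials, database name, utf8mb4 charset and the club id living in column 10 are assumptions.

```php
<?php
// Added example (not the original poster's code). Assumes a mysqli
// connection to a database holding the thread's club_data table.
declare(strict_types=1);

function dbconnect(): mysqli
{
    // Placeholder credentials: substitute your own.
    $db = new mysqli('localhost', 'db_user', 'db_password', 'club_db');
    if ($db->connect_error) {
        throw new RuntimeException('Connect failed: ' . $db->connect_error);
    }
    // Escaping is charset-dependent, so fix the connection charset before
    // any real_escape_string() call is made on this link.
    $db->set_charset('utf8mb4');
    return $db;
}

// Variant 1: the thread's query shape, escaped only once the link is open.
function auth_admin_escaped(mysqli $db, string $username, string $password): int
{
    $u = $db->real_escape_string($username);
    $p = $db->real_escape_string($password);
    $query = "SELECT * FROM club_data WHERE username = '$u' AND password = '$p'";
    $result = $db->query($query);
    if ($result === false) {
        throw new RuntimeException('Unable to run query: ' . $db->error);
    }
    $row = $result->fetch_row();
    return $row ? (int) $row[10] : 0;   // assumed: column 10 holds the club id
}

// Variant 2: prepared statement; values never touch the SQL text at all.
function auth_admin_prepared(mysqli $db, string $username, string $password): int
{
    $stmt = $db->prepare('SELECT * FROM club_data WHERE username = ? AND password = ?');
    if ($stmt === false) {
        throw new RuntimeException('Prepare failed: ' . $db->error);
    }
    $stmt->bind_param('ss', $username, $password);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_row();
    return $row ? (int) $row[10] : 0;   // assumed: column 10 holds the club id
}

$db = dbconnect();
$clubid = auth_admin_prepared($db, $_POST['username'] ?? '', $_POST['password'] ?? '');
```

Both variants take the connection as a parameter so the order of operations is visible at the call site rather than hidden in global state.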

 

 
