[SOLVED] mysql_escape_string() error


5kyy8lu3

EDIT: by the way I have MySQL Version: 5.0.45 and PHP Version: 5.2.2

 

EDIT2: LOL ok well I found what's causing 2 of the 4 errors, I was using mysql_... instead of mysqli_...

 

Hi.  I've been working on cleaning up user input to try to stop injections/etc.  I'm having troubles with mysql_escape_string(); for some reason, it's giving me four errors

 

here's the code:

function scrubber($dirty)
{
    $dirty = strip_tags(trim(mysql_real_escape_string($dirty)));
    $clean = filter_var($dirty, FILTER_SANITIZE_STRING);  // was $var, which is undefined here
    return $clean;
}
$loginn = scrubber($loginn); 
$pword = scrubber($pword);

 

the errors i get:

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) in /hermes/bosweb/web191/b1913/ipw.kloudzco/public_html/loggy.php on line 9

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /hermes/bosweb/web191/b1913/ipw.kloudzco/public_html/loggy.php on line 9

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) in /hermes/bosweb/web191/b1913/ipw.kloudzco/public_html/loggy.php on line 9

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /hermes/bosweb/web191/b1913/ipw.kloudzco/public_html/loggy.php on line 9

 

i'm already connected to the mysql server about 10 lines up so i know that's not the problem, any ideas? i'm really new to php/sql so i thought it might be mysql login permissions so i gave it FULL rights and it still gives the same errors, not sure what else i'm doing wrong

Link to comment
Share on other sites

ok well I figured out i'm using php5 so I need to use mysqli instead of mysql, and i'm assuming this is the right syntax, right?

 

$dirty = "user input crap in this variable";
$cxn = mysqli_connect($host, $user,$passwd,$dbname) or die ("Unable to establish a connection with the MySQL Server.");
$clean = mysqli_real_escape_string($cxn, $dirty);

 

that is correct syntax, right?

 

this is the error I get:

 

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in /hermes/bosweb/web191/b1913/ipw.kloudzco/public_html/loggy.php on line 9

 

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in /hermes/bosweb/web191/b1913/ipw.kloudzco/public_html/loggy.php on line 9

 

any ideas what I'm doing wrong?  thanks

Link to comment
Share on other sites

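$dirty = "user input crap in this variable";
$cxn = new mysqli($host, $user, $passwd, $dbname);
// "new mysqli(...)" always returns an object, so test the connection error instead of using "or die"
if (mysqli_connect_error()) die("Unable to establish a connection with the MySQL Server.");
$clean = $cxn->real_escape_string($dirty);  // the method is named real_escape_string()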

 

This one is the proper one.

 

 

Alternatively:

 

$dirty = "user input crap in this variable";
$cxn = mysqli_connect($host, $user,$passwd,$dbname) or die ("Unable to establish a connection with the MySQL Server.");
$clean = mysqli_real_escape_string($dirty, $cxn);  //$cxn comes after $dirty

 

ok well I figured out i'm using php5 so I need to use mysqli instead of mysql, and i'm assuming this is the right syntax, right?

 

You don't have to, but indeed mysqli is the recommended extension for MySQL server versions 4.1 and later.

Link to comment
Share on other sites

thank you much!  i could've sworn the php.net help file for that function showed it the other way around, i must be needing some serious sleep, i'll give it a try, thanks =)

Link to comment
Share on other sites

ok well here is what I have now, I made the code a little more clear for you guys, I'm still getting the same error:

 

$cxn = mysqli_connect($host, $user,$passwd,$dbname) or die ("Unable to establish a connection with the MySQL Server.");
function scrubber($dirty)
{
$dirty2=strip_tags(trim(mysqli_real_escape_string($dirty, $cxn)));
$clean=filter_var($dirty2,FILTER_SANITIZE_STRING);
return $clean;
}
$loginn = scrubber($_POST['name']); 
$pword = scrubber($_POST['password']);

 

here's the errors:

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, string given in /hermes/bosweb/web191/b1913/ipw.kloudzco/public_html/loggy.php on line 7

 

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, string given in /hermes/bosweb/web191/b1913/ipw.kloudzco/public_html/loggy.php on line 7

Link to comment
Share on other sites

$cxn is not visible inside the scrubber function. You have to pass it to it.

 

function scrubber($dirty,$cxn) {
  $dirty2=strip_tags(trim(mysqli_real_escape_string($dirty, $cxn)));
  $clean=filter_var($dirty2,FILTER_SANITIZE_STRING);
  return $clean;
}

 

Read on variable scope

yup, that totally did it, thanks a bunch =) it works great now, I knew you had to send variables into functions, I just didn't think about it when I found out the sqli version of the function required the connection info lol, silly me

 

really really appreciate the great help, cheers :)

 

here's my final code for anyone who might search this later:

$cxn = mysqli_connect($host, $user,$passwd,$dbname) or die ("Unable to establish a connection with the MySQL Server.");
function scrubber($dirty, $cxn)
{
$dirty2 = strip_tags(trim(mysqli_real_escape_string($cxn, $dirty)));
$clean = filter_var($dirty2,FILTER_SANITIZE_STRING);
return $clean;
}
$loginn = scrubber($_POST['name'], $cxn); 
$pword = scrubber($_POST['password'], $cxn);

Link to comment
Share on other sites
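
The same login lookup done with a mysqli prepared statement, as an added example that is not part of the original thread: the value is bound to a placeholder instead of being escaped into the SQL text, and the password is compared against a stored hash rather than passed through strip_tags() or an escaping function. It assumes PHP 5.5 or later (for password_verify()) and a hypothetical table users(name, password_hash); the function names are also hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes PHP 5.5+ and a
// hypothetical table users(name, password_hash).
// $host, $user, $passwd, $dbname are the thread's connection variables.

function find_password_hash(mysqli $cxn, $name)
{
    // The ? placeholder keeps the value out of the SQL text entirely,
    // so no escaping or tag stripping is needed for query safety.
    $stmt = $cxn->prepare('SELECT password_hash FROM users WHERE name = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $cxn->error);
    }
    $stmt->bind_param('s', $name);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();   // true = row, null = no row, false = error
    $stmt->close();
    return $found === true ? $hash : null;
}

function check_login(mysqli $cxn, $name, $password)
{
    if (!is_string($name) || !is_string($password)) {
        return false;          // e.g. name[]=x arrives as an array
    }
    $hash = find_password_hash($cxn, trim($name));
    // The password is never trimmed, stripped or escaped: altering it
    // changes what the user typed, and it never enters the SQL text.
    return $hash !== null && password_verify($password, $hash);
}

$cxn = mysqli_connect($host, $user, $passwd, $dbname);
if (!$cxn) {
    die('Unable to establish a connection with the MySQL Server.');
}
$name     = isset($_POST['name']) ? $_POST['name'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';

if (check_login($cxn, $name, $password)) {
    // Encode for HTML only at output time, not before storage or lookup.
    echo 'Welcome, ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
} else {
    echo 'Invalid login.';
}
```

FILTER_SANITIZE_STRING, used in the thread's scrubber, is deprecated as of PHP 8.1; with bound placeholders it is not needed for query safety.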

My bad this time :P Was looking at mysql_real_escape_string() page :P

 

Anyway, I use mysqli in an object oriented style (as in example #1 on that page), as it seems to be more convenient to me. Give it a try.

will do, thanks again for all the help, i really appreciate it =)

Link to comment
Share on other sites
