Jump to content

[SOLVED] mysql_escape_string() error

5kyy8lu3

By 5kyy8lu3
in PHP Coding Help

Recommended Posts

5kyy8lu3 Member

5kyy8lu3

Posted
Posted

EDIT: by the way I have MySQL Version: 5.0.45 and PHP Version: 5.2.2

 

EDIT2: LOL ok well I found what's causing 2 of the 4 errors, I was using mysql_... instead of mysqli_...

 

Hi.  I've been working on cleaning up user input to try to stop injections/etc.  I'm having troubles with mysql_escape_string(); for some reason, it's giving me four errors

 

here's the code:

function scrubber($dirty)
{
$dirty = strip_tags(trim(mysql_real_escape_string($dirty)));
$clean = filter_var($var,FILTER_SANITIZE_STRING);
return $clean;
}
$loginn = scrubber($loginn); 
$pword = scrubber($pword);

 

the errors i get:

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) in /hermes/bosweb/web191/b1913/ipw.kloudzco/public_html/loggy.php on line 9

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /hermes/bosweb/web191/b1913/ipw.kloudzco/public_html/loggy.php on line 9

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) in /hermes/bosweb/web191/b1913/ipw.kloudzco/public_html/loggy.php on line 9

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /hermes/bosweb/web191/b1913/ipw.kloudzco/public_html/loggy.php on line 9

 

i'm already connected to the mysql server about 10 lines up so i know that's not the problem, any ideas? i'm really new to php/sql so i thought it might be mysql login permissions so i gave it FULL rights and it still gives the same errors, not sure what else i'm doing wrong

Link to comment
https://forums.phpfreaks.com/topic/136482-solved-mysql_escape_string-error/
Share on other sites
5kyy8lu3 Member

5kyy8lu3

Posted
  • Author
Posted

ok well I figured out i'm using php5 so I need to use mysqli instead of mysql, and i'm assuming this is the right syntax, right?

 

$dirty = "user input crap in this variable";
$cxn = mysqli_connect($host, $user,$passwd,$dbname) or die ("Unable to establish a connection with the MySQL Server.");
$clean = mysqli_real_escape_string($cxn, $dirty);

 

that is correct syntax, right?

 

this is the error I get:

 

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in /hermes/bosweb/web191/b1913/ipw.kloudzco/public_html/loggy.php on line 9

 

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in /hermes/bosweb/web191/b1913/ipw.kloudzco/public_html/loggy.php on line 9

 

any ideas what I'm doing wrong?  thanks

redarrow Advanced Member

redarrow

Posted
Posted

try now m8.

<?php
function scrubber($dirty)
{
$dirty = strip_tags(trim(mysql_real_escape_string($_POST['dirty'])));
$clean = filter_var($var,FILTER_SANITIZE_STRING);
return $clean;
}
$loginn = scrubber($loginn);
$pword = scrubber($pword);
?>

Mchl Regular Member

Mchl

Posted
Posted 

$dirty = "user input crap in this variable";
$cxn = new mysqli($host, $user,$passwd,$dbname) or die ("Unable to establish a connection with the MySQL Server.");
$clean = $cxn->mysqli_real_escape_string($dirty);

 

This one is the proper one.

 

 

Alternatively:

 

$dirty = "user input crap in this variable";
$cxn = mysqli_connect($host, $user,$passwd,$dbname) or die ("Unable to establish a connection with the MySQL Server.");
$clean = mysqli_real_escape_string($dirty, $cxn);  //$cxn comes after $dirty

 

ok well I figured out i'm using php5 so I need to use mysqli instead of mysql, and i'm assuming this is the right syntax, right?

 

You don't have to, but indeed mysqli is recommended extension for MySQL server versions 4.1 and later.

5kyy8lu3 Member

5kyy8lu3

Posted
  • Author
Posted 

$dirty = "user input crap in this variable";
$cxn = new mysqli($host, $user,$passwd,$dbname) or die ("Unable to establish a connection with the MySQL Server.");
$clean = $cxn->mysqli_real_escape_string($dirty);

 

This one is the proper one.

 

 

Alternatively:

 

$dirty = "user input crap in this variable";
$cxn = mysqli_connect($host, $user,$passwd,$dbname) or die ("Unable to establish a connection with the MySQL Server.");
$clean = mysqli_real_escape_string($dirty, $cxn);  //$cxn comes after $dirty

thank you much!  i could've sworn the php.net help file for that function showed it the other way around, i must be needing some serious sleep, i'll give it a try, thanks =)

5kyy8lu3 Member

5kyy8lu3

Posted
  • Author
Posted

ok well here is what I have now, I made the code a little more clear for you guys, I'm still getting the same error:

 

$cxn = mysqli_connect($host, $user,$passwd,$dbname) or die ("Unable to establish a connection with the MySQL Server.");
function scrubber($dirty)
{
$dirty2=strip_tags(trim(mysqli_real_escape_string($dirty, $cxn)));
$clean=filter_var($dirty2,FILTER_SANITIZE_STRING);
return $clean;
}
$loginn = scrubber($_POST['name']); 
$pword = scrubber($_POST['password']);

 

here's the errors:

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, string given in /hermes/bosweb/web191/b1913/ipw.kloudzco/public_html/loggy.php on line 7

 

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, string given in /hermes/bosweb/web191/b1913/ipw.kloudzco/public_html/loggy.php on line 7

Mchl Regular Member

Mchl

Posted
Posted

$cxn is not visible inside scrubber function. You have to pass it to it

 

function scrubber($dirty,$cxn) {
  $dirty2=strip_tags(trim(mysqli_real_escape_string($dirty, $cxn)));
  $clean=filter_var($dirty2,FILTER_SANITIZE_STRING);
  return $clean;
}

 

Read on variable scope

5kyy8lu3 Member

5kyy8lu3

Posted
  • Author
Posted

$cxn is not visible inside scrubber function. You have to pass it to it

 

function scrubber($dirty,$cxn) {
  $dirty2=strip_tags(trim(mysqli_real_escape_string($dirty, $cxn)));
  $clean=filter_var($dirty2,FILTER_SANITIZE_STRING);
  return $clean;
}

 

Read on variable scope

yup, that totally did it, thanks a bunch =) it works great now, I knew you had to send variables into functions, I just didn't think about it when I found out the sqli version of the function required the connection info lol, silly me

 

really really appreciate the great help, cheers :)

 

here's my final code for anyone who might search this later:

$cxn = mysqli_connect($host, $user,$passwd,$dbname) or die ("Unable to establish a connection with the MySQL Server.");
function scrubber($dirty, $cxn)
{
$dirty2 = strip_tags(trim(mysqli_real_escape_string($cxn, $dirty)));
$clean = filter_var($dirty2,FILTER_SANITIZE_STRING);
return $clean;
}
$loginn = scrubber($_POST['name'], $cxn); 
$pword = scrubber($_POST['password'], $cxn);

5kyy8lu3 Member

5kyy8lu3

Posted
  • Author
Posted

It still is wrong...

are you talking about the order of $cxn and $dirty in: mysqli_real_escape_string($cxn, $dirty) ?

 

php.net shows it the way i have it, unless i'm reading it wrong o.0

 

http://us.php.net/manual/en/mysqli.real-escape-string.php

 

 

5kyy8lu3 Member

5kyy8lu3

Posted
  • Author
Posted

My bad this time :P Was looking at mysql_real_escape_string() page :P

 

Anyway, I use mysqli in an object oriented style (as in example #1 on that page), as it seems to be more convenient to me. Give it a try.

will do, thanks again for all the help, i really appreciate it =)

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.