
mysql_real_escape_string Problem???


dstoltz


Hi Folks - I'm kinda new to PHP, and just started using WAMP. I'm having problems with mysql_real_escape_string.... I know you need a connection established first before using this, and I think I have a connection properly set up. The problem happens when calling the function "GetSQLValueString" to clean up the strings for the query. This line in the function seems to be the trigger: $theValue = mysql_real_escape_string($theValue);

 

I keep getting:

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'SYSTEM'@'localhost' (using password: NO) in D:\WAMP\www\includes\dbx.php on line 24

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in D:\WAMP\www\includes\dbx.php on line 24

 

See below for my code and the function it calls...any ideas what I'm doing wrong?

 

<?php
// Include the database functions
include('../includes/dbx.php');

if (isset($_POST['myForm'])){
    if($_POST["myForm"]==1){

        $ename = $_POST["ename"];
        $ebadge = $_POST["ebadge"];
        $essn = $_POST["essn"];
        if($ename==""){$ename="none";}
        if($ebadge==""){$ebadge=0;}
        if($essn==""){$essn=0;}

        // Check to see if the user is already in the EHO system
        $cnx = new mysqli("localhost","user","password","database");
        $q = sprintf("SELECT * FROM employees WHERE fname LIKE %s OR lname LIKE %s OR badge = %s OR ssn = %s ORDER BY lname",GetSQLValueString($ename,"text"),GetSQLValueString($ename,"text"),GetSQLValueString($ebadge,"int"),GetSQLValueString($essn,"int"));
        echo $q;
        $result = $cnx->query($q);
        $row = mysqli_fetch_assoc($result);
        //echo $row['fname'];

        $num_results = $result->num_rows;

    }
}
?>

 

The PHP function is below:

 

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = mysql_real_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}


Wow that was quick, thanks!

 

Ok - so I instead updated this line:

$cnx = new mysqli("localhost","user","password","database");

 

to:

$cnx = mysql_connect("localhost","user","password","database");

 

Which seems to work, but now it errors on this line:

 

$result = $cnx->query($q);

 

with: Fatal error: Call to a member function query() on a non-object in D:\WAMP\www\eho\default.php on line 19

 

Now what am I doing wrong? geeez....
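
Added example, not part of the original thread or the poster's code: both errors above come from mixing two PHP extensions. mysql_real_escape_string() needs a link opened with mysql_connect(), while ->query() needs a mysqli object. The sketch below stays on mysqli and binds the form values as parameters, so no escaping helper is needed. It assumes a reachable MySQL server with the employees table and columns from the post, the mysqlnd driver for get_result(), and a hypothetical helper name findEmployees().

```php
<?php
// Added example (not the poster's code). Table and column names come from the
// question; findEmployees() is a hypothetical helper name.

function findEmployees(mysqli $cnx, $ename, $ebadge, $essn)
{
    // Placeholders keep user input out of the SQL text, so no escaping
    // helper (and no second mysql_* connection) is needed.
    $stmt = $cnx->prepare(
        "SELECT fname, lname, badge FROM employees
         WHERE fname LIKE ? OR lname LIKE ? OR badge = ? OR ssn = ?
         ORDER BY lname"
    );
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $cnx->error);
    }

    $ebadge = (int) $ebadge;
    $essn   = (int) $essn;
    // 's' = string, 'i' = integer; bind_param takes variables by reference.
    $stmt->bind_param('ssii', $ename, $ename, $ebadge, $essn);
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }

    $rows = array();
    $result = $stmt->get_result();   // assumes the mysqlnd driver
    while ($row = $result->fetch_assoc()) {
        $rows[] = $row;
    }
    $stmt->close();
    return $rows;
}

// Same placeholder credentials as in the post.
$cnx = new mysqli("localhost", "user", "password", "database");
if ($cnx->connect_error) {
    die('Connect failed: ' . $cnx->connect_error);
}

$ename  = (isset($_POST['ename'])  && $_POST['ename']  !== '') ? $_POST['ename']  : 'none';
$ebadge = (isset($_POST['ebadge']) && $_POST['ebadge'] !== '') ? $_POST['ebadge'] : 0;
$essn   = (isset($_POST['essn'])   && $_POST['essn']   !== '') ? $_POST['essn']   : 0;

foreach (findEmployees($cnx, $ename, $ebadge, $essn) as $row) {
    // Escape on output as well; the values originate from user-editable data.
    echo htmlspecialchars($row['lname'] . ', ' . $row['fname']), "\n";
}
```

If the existing GetSQLValueString() helper has to stay, the mysqli counterpart of the escaping call is $cnx->real_escape_string(), which uses the same connection object that runs the query.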

 

 

Archived

This topic is now archived and is closed to further replies.
