dstoltz Posted June 29, 2010

Hi Folks - I'm kinda new to PHP, and just started using WAMP. I'm having problems with mysql_real_escape_string....

I know you need a connection established first before using this, and I think I have a connection properly set up. The problem happens when calling the function "GetSQLValueString" to clean up the strings for the query. This line in the function seems to be the trigger:

```php
$theValue = mysql_real_escape_string($theValue);
```

I keep getting:

```
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'SYSTEM'@'localhost' (using password: NO) in D:\WAMP\www\includes\dbx.php on line 24

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in D:\WAMP\www\includes\dbx.php on line 24
```

See below for my code and the function it calls...any ideas what I'm doing wrong?

```php
<?php
// Include the database functions
include('../includes/dbx.php');

if (isset($_POST['myForm'])){
    if($_POST["myForm"]==1){
        $ename = $_POST["ename"];
        $ebadge = $_POST["ebadge"];
        $essn = $_POST["essn"];
        if($ename==""){$ename="none";}
        if($ebadge==""){$ebadge=0;}
        if($essn==""){$essn=0;}

        // Check to see if the user is already in the EHO system
        $cnx = new mysqli("localhost","user","password","database");
        $q = sprintf("SELECT * FROM employees WHERE fname LIKE %s OR lname LIKE %s OR badge = %s OR ssn = %s ORDER BY lname",GetSQLValueString($ename,"text"),GetSQLValueString($ename,"text"),GetSQLValueString($ebadge,"int"),GetSQLValueString($essn,"int"));
        echo $q;
        $result = $cnx->query($q);
        $row = mysqli_fetch_assoc($result);
        //echo $row['fname'];
        $num_results = $result->num_rows;
    }
}
?>
```

The PHP function is below:

```php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
    if (PHP_VERSION < 6) {
        $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
    }

    $theValue = mysql_real_escape_string($theValue);

    switch ($theType) {
        case "text":
            $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
            break;
        case "long":
        case "int":
            $theValue = ($theValue != "") ? intval($theValue) : "NULL";
            break;
        case "double":
            $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
            break;
        case "date":
            $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
            break;
        case "defined":
            $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
            break;
    }
    return $theValue;
}
```

Mchl Posted June 29, 2010

```php
$cnx = new mysqli("localhost","user","password","database");
```

You're setting up a mysqli connection, so you should use mysqli_real_escape_string

Pikachu2000 Posted June 29, 2010

mysql_connect() != mysqli_connect()

dstoltz Posted June 29, 2010 (Author)

Wow that was quick, thanks!

Ok - so I instead updated this line:

```php
$cnx = new mysqli("localhost","user","password","database");
```

to:

```php
$cnx = mysql_connect("localhost","user","password","database");
```

Which seems to work, but now it errors on this line:

```php
$result = $cnx->query($q);
```

with:

```
Fatal error: Call to a member function query() on a non-object in D:\WAMP\www\eho\default.php on line 19
```

Now what am I doing wrong? geeez....

Mchl Posted June 29, 2010

And if you're using mysqli, you might want to take a look into mysqli_prepare, since what you do seems to be emulating prepared statements.

Mchl Posted June 29, 2010

You need to decide if you want to use mysql_ or mysqli_ (I recommend this one) to talk to your database. mysqli_ can be used in an object-oriented manner, hence the error you get when you moved back to mysql_

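Added example (not code from the thread): the lookup from the first post rewritten with a mysqli prepared statement, as suggested above, so the values are bound as parameters and no escaping helper tied to a particular connection type is needed. `findEmployees` is a hypothetical helper; the connection values, table and column names are the ones from the original post.

```php
<?php
// Added example: the thread's employee lookup as a mysqli prepared statement.
// Connection values, table and columns are those shown in the original post.

// Make mysqli throw exceptions instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper (not from the thread): find employees by name, badge or SSN.
function findEmployees(mysqli $cnx, $ename, $ebadge, $essn)
{
    // Same defaults the original form handler applied to empty fields.
    if ($ename === "")  { $ename = "none"; }
    if ($ebadge === "") { $ebadge = 0; }
    if ($essn === "")   { $essn = 0; }

    // Placeholders keep user input out of the SQL text entirely, so there is
    // nothing to escape and no mysql_/mysqli_ escape function to mismatch.
    $stmt = $cnx->prepare(
        "SELECT * FROM employees
          WHERE fname LIKE ? OR lname LIKE ? OR badge = ? OR ssn = ?
          ORDER BY lname"
    );

    // bind_param() binds by reference, so the values must be variables.
    $ebadge = (int) $ebadge;
    $essn   = (int) $essn;
    $stmt->bind_param("ssii", $ename, $ename, $ebadge, $essn);
    $stmt->execute();

    // get_result() and fetch_all() require the mysqlnd driver.
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

if (isset($_POST['myForm']) && $_POST['myForm'] == 1) {
    $cnx  = new mysqli("localhost", "user", "password", "database");
    $rows = findEmployees($cnx, $_POST["ename"] ?? "", $_POST["ebadge"] ?? "", $_POST["essn"] ?? "");
    $num_results = count($rows);
    foreach ($rows as $row) {
        // Encode on output so stored values cannot inject markup into the page.
        echo htmlspecialchars($row['fname'] . ' ' . $row['lname']), "<br>\n";
    }
}
```

The `mysql_*` extension was removed in PHP 7.0, so the mysqli form is the one that runs on current PHP versions.
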
dstoltz Posted June 29, 2010 (Author)

Ok, I adjusted the code to:

```php
$result = mysql_query($q);
```

it works...thanks!