Jump to content

mysql_real_escape_string Problem???

dstoltz

By dstoltz
in PHP Coding Help

 Share

Recommended Posts

dstoltz Newbie

dstoltz

Posted
Posted

Hi Folks - I'm kinda new to PHP, and just started using WAMP. I'm having problems with mysql_real_escape_string.... I know you need a connection established first before using this, and I think I have a connection properly set up. The problem happens when calling the function "GetSQLValueString" to clean up the strings for the query. This line in the function seems to be the trigger: $theValue = mysql_real_escape_string($theValue);

 

I keep getting:

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'SYSTEM'@'localhost' (using password: NO) in D:\WAMP\www\includes\dbx.php on line 24

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in D:\WAMP\www\includes\dbx.php on line 24

 

See below for my code and the function it calls...any ideas what I'm doing wrong?

 

<?php
// Include the database functions
include('../includes/dbx.php');

if (isset($_POST['myForm'])){
if($_POST["myForm"]==1){

$ename = $_POST["ename"];
$ebadge = $_POST["ebadge"];
$essn = $_POST["essn"];
if($ename==""){$ename="none";}
if($ebadge==""){$ebadge=0;}
if($essn==""){$essn=0;}

// Check to see if the user is already in the EHO system
$cnx = new mysqli("localhost","user","password","database");
$q = sprintf("SELECT * FROM employees WHERE fname LIKE %s OR lname LIKE %s OR badge = %s OR ssn = %s ORDER BY lname",GetSQLValueString($ename,"text"),GetSQLValueString($ename,"text"),GetSQLValueString($ebadge,"int"),GetSQLValueString($essn,"int"));
echo $q;
$result = $cnx->query($q);
$row = mysqli_fetch_assoc($result);
//echo $row['fname'];

$num_results = $result->num_rows;	

}
}
?>

 

The PHP function is below:

 

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = mysql_real_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}

Link to comment
https://forums.phpfreaks.com/topic/206188-mysql_real_escape_string-problem/
Share on other sites
dstoltz Newbie

dstoltz

Posted
  • Author
Posted

Wow that was quick, thanks!

 

Ok - so I instead updated this line:

$cnx = new mysqli("localhost","user","password","database");

 

to:

$cnx = mysql_connect("localhost","user","password","database");

 

Which seems to work, but now it errors on this line:

 

$result = $cnx->query($q);

 

with: Fatal error: Call to a member function query() on a non-object in D:\WAMP\www\eho\default.php on line 19

 

Now what am I doing wrong? geeez....

 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.