pro2call Posted July 25, 2011 Share Posted July 25, 2011 Level set: I'm new to PHP Development: I run MAMP on my Mac; My code runs fine with mysql_real_escape_string in dev. Host - In production: I received an error with mysql () connection ------------------------------------------------------------------------------------ Tried: to switch to mysqli_real_escape_string $dbc = mysqli_connect($dbhost,$dbuser,$dbpass,$db) or die ('Error in connection'); $username = mysqli_real_escape_string($_POST['username'); Returns: Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /hermes/bosweb/web011/b118/ipg.mysite/ProtectedScores.php on line 15 Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /hermes/bosweb/web011/b118/ipg.mysite/ProtectedScores.php on line 16 That user does not exist ------------------------------------------------------------------------------------ Then I tried: $dbc = mysqli_connect($dbhost,$dbuser,$dbpass,$db) or die ('Error in connection'); $username = mysqli_real_escape_string($dbc, ($_POST['username')); Returns: Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in /hermes/bosweb/web011/b118/ipg.mysite/ProtectedScores.php on line 16 That user does not exist ------------------------------------------------------------------------------------ However: If I just use $username = $_POST['username'] everything works. Please help! Quote Link to comment https://forums.phpfreaks.com/topic/242738-warning-mysqli_real_esacpe_string/ Share on other sites More sharing options...
Nodral Posted July 25, 2011 Share Posted July 25, 2011 Hi In your first bit of info about yourself, you quote you are using MySQL in dev and then mysql in prod. You then point out an error with mysqli. Which are you using and have you changed at all? Does your connect statement work ok? Have you tested that? Quote Link to comment https://forums.phpfreaks.com/topic/242738-warning-mysqli_real_esacpe_string/#findComment-1246733 Share on other sites More sharing options...
pro2call Posted July 25, 2011 Author Share Posted July 25, 2011 Sorry for the confusion: In development: I run mysql_real_escape_string In production (a hosted site): I tried mysql_real_escape_string but received an error... therefore I moved to mysqli_real_escape_string Quote Link to comment https://forums.phpfreaks.com/topic/242738-warning-mysqli_real_esacpe_string/#findComment-1246742 Share on other sites More sharing options...
Nodral Posted July 25, 2011 Share Posted July 25, 2011 I was in a similar situation where I was using mysqli in dev and mysql in prod and this caused me no end of issues as the commands are different, sometimes subtly and sometimes quite obviously. I'd ask your host to use whatever you are using n dev as this will save you loads of time in debugging, alternatively you use the same in dev as you are using in live. What error did you get in prod when you used mysql_real_escape_string? Quote Link to comment https://forums.phpfreaks.com/topic/242738-warning-mysqli_real_esacpe_string/#findComment-1246749 Share on other sites More sharing options...
pro2call Posted July 25, 2011 Author Share Posted July 25, 2011 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) in /hermes/bosweb/web011/b118/ipg..../ProtectedScores.php on line 15 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /hermes/bosweb/web011/b118/ipg..../ProtectedScores.php on line 15 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) in /hermes/bosweb/web011/b118/ipg..../ProtectedScores.php on line 16 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /hermes/bosweb/web011/b118/ipg..../ProtectedScores.php on line 16 That user does not exist Quote Link to comment https://forums.phpfreaks.com/topic/242738-warning-mysqli_real_esacpe_string/#findComment-1246752 Share on other sites More sharing options...
wildteen88 Posted July 25, 2011 Share Posted July 25, 2011 You cannot use the mysql*() and mysqli*() functions together. If you're using mysql() based functions on your dev box but use mysqli based functions on your live box, then update your dev box to work with mysqli. You should configure your dev box so its configuration is similar to your live box. Quote Link to comment https://forums.phpfreaks.com/topic/242738-warning-mysqli_real_esacpe_string/#findComment-1246754 Share on other sites More sharing options...
Nodral Posted July 25, 2011 Share Posted July 25, 2011 Using mysql Set up a file called connect.php with the following. <?php $link = mysql_connect('localhost', 'username', 'password'); if (!$link) { echo'1Unable to connect to the database server.'; exit(); } if (!mysql_set_charset('utf8', $link)) { echo'2Unable to connect to the database server.'; exit(); } if(!mysql_select_db('db-name', $link)) { echo'3Unable to connect to the database server.'; exit(); } ?> Then use include_once('connect.php'); at the start of every script requiring a DB connection. Then when using try using $username=mysql_real_escape_string($_POST['username']; Note there is no link or connection identifyer in the brackets. Quote Link to comment https://forums.phpfreaks.com/topic/242738-warning-mysqli_real_esacpe_string/#findComment-1246755 Share on other sites More sharing options...
Muddy_Funster Posted July 25, 2011 Share Posted July 25, 2011 normaly I wouldn't bother, but you missed the closing ) on Then when using try using $username=mysql_real_escape_string($_POST['username']; it wants to be $username=mysql_real_escape_string($_POST['username']); Quote Link to comment https://forums.phpfreaks.com/topic/242738-warning-mysqli_real_esacpe_string/#findComment-1246759 Share on other sites More sharing options...
pro2call Posted July 25, 2011 Author Share Posted July 25, 2011 I'll give that a wirl... And I fully agree about prod & Dev... However, I did not know there was going to be an issue until I moved my code to production (ipage is the host server). Now that I know the constraint, I switch my code base in development to match that in production. My development box just passes over warnings and delivers the goods... iPage stops pages from loading with warning. Not very nice of them ;( I've been trying to avoid the obvious conclusion... if you can't get a built-in function to run... build it yourself. My desire with the function was to protect against SQL Injections... I guess that function wouldn't be too hard to write. Quote Link to comment https://forums.phpfreaks.com/topic/242738-warning-mysqli_real_esacpe_string/#findComment-1246760 Share on other sites More sharing options...
pro2call Posted July 25, 2011 Author Share Posted July 25, 2011 Here is the full code: <?php session_start(); require_once("wsconfig/config.php"); $username = $_POST['username']; $password = $_POST['password']; if ($username&&$password) { $dbc = mysqli_connect($dbhost,$dbuser, $dbpass, $db) or die('Error connection'); //$username = mysqli_real_escape_string($dbc, ($_POST['username'])); //$password = mysqli_real_escape_string($dbc, ($_POST['password'])); $query = "SELECT username, password FROM account where username ='".$username."' and password='".$password."'"; $data = mysqli_query($dbc, $query); $numrows = mysqli_num_rows($data); if ($numrows!=0) { while($row = mysqli_fetch_assoc($data)) { $dbusername = $row['username']; $dbpassword = $row['password']; } if ($username==$dbusername && $password==$dbpassword) { $_SESSION['username'] = $dbusername; header('Location: Admin.php'); } else echo "Incorrect password"; } else die("That user does not exist"); } else die("Invalide login") ?> Quote Link to comment https://forums.phpfreaks.com/topic/242738-warning-mysqli_real_esacpe_string/#findComment-1246761 Share on other sites More sharing options...
wildteen88 Posted July 25, 2011 Share Posted July 25, 2011 SO when you uncomment these lines //$username = mysqli_real_escape_string($dbc, ($_POST['username'])); //$password = mysqli_real_escape_string($dbc, ($_POST['password'])); It comes up with an error? Does this error show on both your development and production boxes? The way you have coded those line is exactly how you use mysqli_real_escape_string. Quote Link to comment https://forums.phpfreaks.com/topic/242738-warning-mysqli_real_esacpe_string/#findComment-1246764 Share on other sites More sharing options...
pro2call Posted July 25, 2011 Author Share Posted July 25, 2011 No... my above code works! Uncommenting the msqli stuff causes the issues... (below fails) <?php session_start(); require_once("wsconfig/config.php"); //$username = $_POST['username']; //$password = $_POST['password']; if ($username&&$password) { $dbc = mysqli_connect($dbhost,$dbuser, $dbpass, $db) or die('Error connection'); $username = mysqli_real_escape_string($dbc, ($_POST['username'])); $password = mysqli_real_escape_string($dbc, ($_POST['password'])); $query = "SELECT username, password FROM account where username ='".$username."' and password='".$password."'"; $data = mysqli_query($dbc, $query); $numrows = mysqli_num_rows($data); if ($numrows!=0) { while($row = mysqli_fetch_assoc($data)) { $dbusername = $row['username']; $dbpassword = $row['password']; } if ($username==$dbusername && $password==$dbpassword) { $_SESSION['username'] = $dbusername; header('Location: Admin.php'); } else echo "Incorrect password"; } else die("That user does not exist"); } else die("Invalide login") ?> Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in /hermes/bosweb/web011/b118/ipg.mysite/ProtectedScores.php on line 16 That user does not exist Quote Link to comment https://forums.phpfreaks.com/topic/242738-warning-mysqli_real_esacpe_string/#findComment-1246765 Share on other sites More sharing options...
Muddy_Funster Posted July 25, 2011 Share Posted July 25, 2011 and what do you get with: <?php session_start(); require_once("wsconfig/config.php"); $username = mysqli_real_escape_string($dbc, ($_POST['username'])); $password = mysqli_real_escape_string($dbc, ($_POST['password'])); if ($username&&$password) { $dbc = mysqli_connect($dbhost,$dbuser, $dbpass, $db) or die('Error connection'); $query = "SELECT username, password FROM account where username ='".$username."' and password='".$password."'"; $data = mysqli_query($dbc, $query); $numrows = mysqli_num_rows($data); if ($numrows!=0) { while($row = mysqli_fetch_assoc($data)) { $dbusername = $row['username']; $dbpassword = $row['password']; } if ($username==$dbusername && $password==$dbpassword) { $_SESSION['username'] = $dbusername; header('Location: Admin.php'); } else echo "Incorrect password"; } else die("That user does not exist"); } else die("Invalide login") ?> Quote Link to comment https://forums.phpfreaks.com/topic/242738-warning-mysqli_real_esacpe_string/#findComment-1246772 Share on other sites More sharing options...
wildteen88 Posted July 25, 2011 Share Posted July 25, 2011 Change $dbc = mysqli_connect($dbhost,$dbuser, $dbpass, $db) or die('Error connection'); To $dbc = mysqli_connect($dbhost,$dbuser, $dbpass, $db); if (mysqli_connect_errno()) { die('Connect failed: '. mysqli_connect_error()); } else { echo 'Successful Connection!<br />'; echo 'We are connected to: ' . mysqli_get_host_info($dbc); echo '<pre>' . print_r($dbc, true) . '</pre>'; } @Muddy_Funster: You cannot use mysqli_real_escape_string without be connected to mysql first! So your reply is not very helpful and making the matter even more confusing. Quote Link to comment https://forums.phpfreaks.com/topic/242738-warning-mysqli_real_esacpe_string/#findComment-1246773 Share on other sites More sharing options...
Nodral Posted July 25, 2011 Share Posted July 25, 2011 You could try $username = mysqli_real_escape_string($dbc, $_POST['username']); $password = mysqli_real_escape_string($dbc, $_POST['password']); In the php manual, there is no requirement for the set of brackets around the string you are converting. Sorry if this is wrong, but I'm not really that experienced with mysqli Quote Link to comment https://forums.phpfreaks.com/topic/242738-warning-mysqli_real_esacpe_string/#findComment-1246778 Share on other sites More sharing options...
Muddy_Funster Posted July 25, 2011 Share Posted July 25, 2011 Fair point indeed, I hadn't payed attention to what I was doing (too much haste). Problem I was trying to address was that the OP had commented out the lines that assigned $username and $password - and still used them as a verification for the connection string to be called. Thus it's not going to work. Quote Link to comment https://forums.phpfreaks.com/topic/242738-warning-mysqli_real_esacpe_string/#findComment-1246782 Share on other sites More sharing options...
pro2call Posted July 25, 2011 Author Share Posted July 25, 2011 wildteen88... I get the following: Successfull connectin We are connected to ....ipagemysql.com via TCP/IP mysqli Object ( ) Warning: Cannot modify header information - headers already sent by (output started at /hermes/bosweb/web011/b118/ipg..../ProtectedScores.php:21) in /hermes/bosweb/web011/b118/ipg.../ProtectedScores.php on line 46 Quote Link to comment https://forums.phpfreaks.com/topic/242738-warning-mysqli_real_esacpe_string/#findComment-1246787 Share on other sites More sharing options...
wildteen88 Posted July 25, 2011 Share Posted July 25, 2011 mysqli_connect() is returning an empty mysqli object. This line echo '<pre>' . print_r($dbc, true) . '</pre>'; Should output something similar to mysqli Object ( [affected_rows] => 0 [client_info] => 5.1.49 [client_version] => 50149 [connect_errno] => 0 [connect_error] => [errno] => 0 [error] => [field_count] => 0 [host_info] => Localhost via UNIX socket [info] => [insert_id] => 0 [server_info] => 5.1.49-1ubuntu8.1 [server_version] => 50149 [sqlstate] => 00000 [protocol_version] => 10 [thread_id] => 138 [warning_count] => 0 ) As the connection is returning an empty mysqli object ($dbc) this could be why mysqli_real_escape_string is failing. Quote Link to comment https://forums.phpfreaks.com/topic/242738-warning-mysqli_real_esacpe_string/#findComment-1246794 Share on other sites More sharing options...
pro2call Posted July 25, 2011 Author Share Posted July 25, 2011 I see the issue!!! The $username and $password are not assigned when I uncommented them and placed them under the $dbc connection.... it was null, therefore failed the if ($usernamen&&$password) every time.>>> the following works: <?php session_start(); require_once("wsconfig/config.php"); $username = $_POST['username']; $password = $_POST['password']; if ($username&&$password) { $dbc = mysqli_connect($dbhost,$dbuser, $dbpass, $db) or die('Error connection'); $username = mysqli_real_escape_string($dbc, ($_POST['username'])); $password = mysqli_real_escape_string($dbc, ($_POST['password'])); $query = "SELECT username, password FROM account where username ='".$username."' and password='".$password."'"; $data = mysqli_query($dbc, $query); $numrows = mysqli_num_rows($data); if ($numrows!=0) { while($row = mysqli_fetch_assoc($data)) { $dbusername = $row['username']; $dbpassword = $row['password']; } if ($username==$dbusername && $password==$dbpassword) { $_SESSION['username'] = $dbusername; header('Location: Admin.php'); } else echo "Incorrect password"; } else die("That user does not exist"); } else die("Invalide login") ?> Thanks ya'll!!! Digging through the code and getting other peoples eyes on stuff really helps one evolute your code! Quote Link to comment https://forums.phpfreaks.com/topic/242738-warning-mysqli_real_esacpe_string/#findComment-1246796 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.