1

Hi for some reason I am not aware of I keep receiving the following errors:

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'a8221325'@'localhost' (using password: NO) in /home/a8221325/public_html/add.php on line 11

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/a8221325/public_html/add.php on line 11

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'a8221325'@'localhost' (using password: NO) in /home/a8221325/public_html/add.php on line 12

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/a8221325/public_html/add.php on line 12

From the research I've done I feel like the problem is in the way I connect to my database, but I'm not entirely sure. If someone could help me get my code to work it'd be awesome! So far my site consists of two pages, test and add here is their code:

test.html:

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>

<body>
<form action="add.php" method="post" name="form1" id="form1">
  <label for="name">Text Field:</label>
  <input type="text" name="name" id="name">
  <label for="password">Text Field:</label>
  <input type="text" name="password" id="password">
  <input type="submit" name="submit" id="submit" value="Submit">
</form>
</body>
</html>

add.php:

<?php
$con=mysqli_connect("mysql1.000webhost.com","a8221325_admin","**************","a8221325_prom");

// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

$escapedName = mysql_real_escape_string($_POST['name']); # use whatever escaping function your db requires this is very important.
$escapedPW = mysql_real_escape_string($_POST['password']);

# generate a random salt to use for this account
$salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));

$saltedPW =  $escapedPW . $salt;

$hashedPW = hash('sha256', $saltedPW);

$query = "insert into user (name, password, salt) values ('$escapedName', '$hashedPW', '$salt'); ";
?>

Thank you!

Improve this question
3
  • 1
    mysql_real_escape_string is a function of mysql extension, mysqli_connect is a function of mysqli extension. And you shouldn't sanitize user's password BEFORE you hash it, but before you insert the hash into a database Commented Feb 10, 2014 at 0:38
  • What is unclear about the error message being thrown? Commented Feb 10, 2014 at 0:38
  • @PeeHaa: it actually is a bit tricky, especially for a newbie Commented Feb 10, 2014 at 0:39

1 Answer 1

Reset to default
5

You are using the mysqli extension to create the database connection.

Then you are using an entirely different extension named "mysql" (note the missing "i" at the end) to escape.

Escaping needs an existing mysql connection. If non exists, it will be created implicitly with default values. Doing this fails.

But it does not point you into the correct direction: You have to use the escaping functions from the extension you create the connection with. Which is mysqli_real_escape_string (note the added "i" after "mysql").

General disclaimers:

When using MySQLI, use prepared statements to get rid of escaping strings.

Don't use fast hash functions to hash passwords. Include this library that implements the PHP5.5 functions for password hashing: https://github.com/ircmaxell/password_compat

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

it would be nice if you mentioned prepared statements

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.