4

i am trying escape some data before it goes into my database, but i keep getting this error:

Warning: mysql_real_escape_string(): Access denied for user

Now this would usually suggest that i have not connected to the database (it also states (using password: NO)).

I was a little confused by this because when connecting to a database i have a 'die' clause so if it fails to connect i get told about it. So i tested this theory by running a simple query in the same function that im trying to escape the data and it works just fine.

So why on earth won't the escape method work or get a connection to the database. I did notice that the user the error states is not the user i use to access the database its something like 'www-data@localhost'. Could it be trying to log in with a different user, if so why and how? Because i another area of my website the escape function works just fine and i didn't do anything special to make it work, just added the code into my web page.

thanks for the help.

Are there any other ways of sanitizing my code?

Okay, so here we go, when the user submits the form, i use AJAX to collect the data and put it into an obj to post(JSON encoding) it to the first PHP script which is here:

http://codepad.org/kGPljN4I

This script checks all the data is there and then calls a function to add it to the database

this Mysql class is called to escape the data and then add a new record to the database, when and instance of the class is made it makes a connection to the database:

http://codepad.org/wwGNrTJm

The third file is for constants, it holds the information for the database like pass, user and so on:

http://codepad.org/dl0QQbi9

any better?

thanks again for the help.

Improve this question
9
  • 2
    It seems you're trying to call the funciton before you open a connection. Maybe in the other area of your website where this works, you already have the connection open..? Commented Mar 2, 2012 at 10:01
  • @bububaba Well i tested that, i commented the code for escaping the data and put the code to run a simple SELECT query that returned data just fine so i am connected to the database. Thats what is so weird about it. Commented Mar 2, 2012 at 10:03
  • Check for mysql_connect() in your script with the username given in the error. Most probably, you have given wrong credentials at the beginning somewhere. Commented Mar 2, 2012 at 10:12
  • bytes.com/topic/php/answers/… Commented Mar 2, 2012 at 10:21
  • 1
    I think it's safe to say now that we need more code to help Commented Mar 2, 2012 at 11:16

3 Answers 3

Reset to default
9

The problem is that you have established your connection using MySQLi, but are then calling mysql_real_escape_string(). You intend to be calling mysqli_real_escape_string() either in procedural context, or object oriented contex.

class Mysql 
{
    private $conn;

    function __construct() 
    {

        $this->conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or 
                      die('No Connection to database!');
    }

    function add_non_member($data) 
    {
        $email = $data->email;

            // Procedural call
            $san_email = mysqli_real_escape_string($this->conn, $email);

            // Or OO call (recommended)
            $san_email = $this->conn->real_escape_string($email);

                // etc...
        }

  // etc...;
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

OHHHHHHHHHHHHHHHHH Man, i totally over looked that! I've been pulling my hair out!
3

You're mixing ext/mysqli 

$this->conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME

with ext/mysql functions:

$san_email = mysql_real_escape_string($email);

that last line should be

$san_email = $this->conn->real_escape_string($email);
Improve this answer

Comments

0

I also got this access denied warning and I was able to find the solution. The problem is that I have not setup mysql db connection before calling mysql_real_escape_string function.

Solution:

  • Call mysql_connect($host, $user, $password) first (Or you can call your database connect function)
  • Then use mysql_real_escape_string($var)
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.