1

I began learning to code a few days ago and I am having some issues with mysql_real_escape_string, specifically with a login.php.

The error messages:

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'elegant'@'localhost' (using password: NO) in /home/elegant/public_html/php/login.php on line 3
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/elegant/public_html/php/login.php on line 3
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'elegant'@'localhost' (using password: NO) in /home/elegant/public_html/php/login.php on line 4
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/elegant/public_html/php/login.php on line 4
Please enter a username and a password

Here is the code I have so far -- this code worked in localhost but once I put it online and imported the database tables, it gave me some issues:

<?php

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);

if ($username&&$password)
{
    $connect = mysql_connect("localhost","elegant_root","password;1") or die("Couldn't connect!");
    mysql_select_db("elegant_ezworkstation") or die("Couldn't find database");

    $query = mysql_query("SELECT * FROM users WHERE username=$username");
    $numrows = mysql_numrows($query);

    if ($numrows!=0)
    {
        while ($row = mysql_fetch_assoc($query))
        {
            $dbusername = $row['username'];
            $dbpassword = $row['password'];
        }

        if ($username==$dbusername&&$password==$dbpassword)
        {
            echo "You're in";
        }
        else
            echo "Incorrect password!";
    }
    else
        die("That user doesn't exist");
}
else
    die("Please enter a username and a password");

?>

EDIT: I changed to mysqli and I got these errors:

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /home/elegant/public_html/php/login.php on line 3
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /home/elegant/public_html/php/login.php on line 4
5
  • 1
    You need a mysql connection before you call mysql_real_escape_string ... put it after the connection mysql_connect Commented Oct 25, 2012 at 14:26
  • Rewrite your code and use mysqli_() Commented Oct 25, 2012 at 14:26
  • 3
    If you're learning to code, don't learn from any tutorials that use mysql.... look for tutorials that use mysqli or (better still) PDO Commented Oct 25, 2012 at 14:31
  • I'm wondering what resource you're using that sent you down the path of using mysql_query in 2012. Commented Oct 25, 2012 at 14:33
  • Please don't use mysql_* functions in new code. They were removed from PHP 7.0.0 in 2015. Instead, use prepared statements via PDO or MySQLi. See Why shouldn't I use mysql_* functions in PHP? for more information. Commented Oct 25, 2012 at 14:59

1 Answer

5

Putting mysql_real_escape_string() after you connect to the db will work fine.

However, you should shift to mysqli or PDO. MySQL is deprecated now. A few links to help you out:

  1. Moving from mysql to mysqli or pdo?
  2. mysqli or PDO - what are the pros and cons?

The equivalent commands in mysqli and PDO for escaping would be mysqli_real_escape_string() and PDO::quote() respectively.

As people are pointing out, PDO is definitely the better alternative. Here is an answer I previously wrote comparing PDO with others.

PDO - real facts and best practice?

And another advantage of this will be that you don't need to use escaping functions if you use prepared statements with named parameters.


3 Comments

The thing about PDO and mysqli is you really don't need to use the SQL escaping functions directly if you use placeholders, which is really the only way to be safe.
I edited it so that it is using mysqli_real_escape_string() but now I get these error messages: Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /home/elegant/public_html/php/login.php on line 3 Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /home/elegant/public_html/php/login.php on line 4
Please go through the official documentation here and see what you are missing.
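
The prepared-statement approach recommended in the answer and comments above, as an added example that is not code from the question or the answer. Assumptions: an in-memory SQLite database stands in for the MySQL server so the script runs offline, the sample users are constructed, `check_login` is a hypothetical helper name, and passwords are stored with `password_hash()`, which the question's code does not do.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for the MySQL server so
// the script runs offline; for MySQL only the DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data. Storing password_hash() output is an assumption of
// this example; the code in the question compares plaintext passwords.
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO users (username, password) VALUES (:username, :password)');
foreach (['alice' => 's3cret', "o'brien" => 'hunter2'] as $name => $plain) {
    $insert->execute([':username' => $name, ':password' => password_hash($plain, PASSWORD_DEFAULT)]);
}

// check_login() is a hypothetical helper. The connection already exists when
// it is called, and the username travels as a bound named parameter, so the
// query text never contains user input and no escaping function is needed.
function check_login(PDO $pdo, string $username, string $password): bool
{
    if ($username === '' || $password === '') {
        return false;                      // same guard as the original form check
    }
    $stmt = $pdo->prepare('SELECT password FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $hash = $stmt->fetchColumn();          // false when no row matched

    return is_string($hash) && password_verify($password, $hash);
}

// Constructed inputs: a normal login, a wrong password, a username containing
// a quote (bound as data, so it needs no special handling), an unknown user,
// and an empty submission.
$cases = [
    ['alice', 's3cret'],
    ['alice', 'wrong'],
    ["o'brien", 'hunter2'],
    ['mallory', 's3cret'],
    ['', ''],
];
foreach ($cases as [$user, $pass]) {
    $result = check_login($pdo, $user, $pass) ? 'accepted' : 'rejected';
    printf("%-12s %s\n", var_export($user, true), $result);
}
```

If escaping is kept instead of placeholders, the procedural `mysqli_real_escape_string()` takes the connection as its first argument and the string as its second, so it too can only be called after connecting.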
