doutuan4361 2012-03-02 09:51
浏览 455
已采纳

使用mysql_real_escape_string()时访问被拒绝错误

i am trying escape some data before it goes into my database, but i keep getting this error:

Warning: mysql_real_escape_string(): Access denied for user

Now this would usually suggest that i have not connected to the database (it also states (using password: NO)).

I was a little confused by this because when connecting to a database i have a 'die' clause so if it fails to connect i get told about it. So i tested this theory by running a simple query in the same function that im trying to escape the data and it works just fine.

So why on earth won't the escape method work or get a connection to the database. I did notice that the user the error states is not the user i use to access the database its something like 'www-data@localhost'. Could it be trying to log in with a different user, if so why and how? Because i another area of my website the escape function works just fine and i didn't do anything special to make it work, just added the code into my web page.

thanks for the help.

Are there any other ways of sanitizing my code?

Okay, so here we go, when the user submits the form, i use AJAX to collect the data and put it into an obj to post(JSON encoding) it to the first PHP script which is here:

http://codepad.org/kGPljN4I

This script checks all the data is there and then calls a function to add it to the database

this Mysql class is called to escape the data and then add a new record to the database, when and instance of the class is made it makes a connection to the database:

http://codepad.org/wwGNrTJm

The third file is for constants, it holds the information for the database like pass, user and so on:

http://codepad.org/dl0QQbi9

any better?

thanks again for the help.

  • 写回答

3条回答 默认 最新

  • dqb14659 2012-03-02 11:47
    关注

    The problem is that you have established your connection using MySQLi, but are then calling mysql_real_escape_string(). You intend to be calling mysqli_real_escape_string() either in procedural context, or object oriented contex.

    class Mysql 
{
    private $conn;

    function __construct() 
    {

        $this->conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or 
                      die('No Connection to database!');
    }

    function add_non_member($data) 
    {
        $email = $data->email;

            // Procedural call
            $san_email = mysqli_real_escape_string($this->conn, $email);

            // Or OO call (recommended)
            $san_email = $this->conn->real_escape_string($email);

                // etc...
        }

  // etc...;
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 C++ yoloV5改写遇到的问题
  • ¥20 win11修改中文用户名路径
  • ¥15 win2012磁盘空间不足,c盘正常,d盘无法写入
  • ¥15 用土力学知识进行土坡稳定性分析与挡土墙设计
  • ¥70 PlayWright在Java上连接CDP关联本地Chrome启动失败,貌似是Windows端口转发问题
  • ¥15 帮我写一个c++工程
  • ¥30 Eclipse官网打不开,官网首页进不去,显示无法访问此页面,求解决方法
  • ¥15 关于smbclient 库的使用
  • ¥15 微信小程序协议怎么写
  • ¥15 c语言怎么用printf(“\b \b”)与getch()实现黑框里写入与删除?