Geek Answers Handbook

MySQLi and mysql_real_escape_string () errors

I am using Oops MySQLi to connect to my database. I checked my credentials and everything will be fine.

$mysqli = new mysqli(MYSQL_HOST, MYSQL_USER, MYSQL_PASS, MYSQL_DB) or die('There was a problem connecting to the database.'); if (mysqli_connect_errno()) { printf("Can't connect to MySQL Server. Errorcode: %s\n", mysqli_connect_error()); exit; } if ($result = $mysqli->query('SELECT * FROM places WHERE place_id=' . mysql_real_escape_string($_GET['id']))) { while( $row = $result->fetch_assoc() ){ printf("%s (%s)\n", $row['name'], $row['place_id']); } $result->close(); } $mysqli->close();

This code generates an error:

 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user '-removed-'@'localhost' (using password: NO) in /var/www/vhosts/communr.com/httpdocs/pbd/places.php on line 396 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /var/www/vhosts/communr.com/httpdocs/pbd/places.php on line 396

I cannot understand why I am getting these errors. They started showing up when I moved the servers recently. I am establishing a SQL connection before a query.

Do you all think that some settings may be corrupted on my new server?

Thanks!

+8
php mysql mysqli
source share
1 answer

mysql_real_escape_string requires a connection, which must be established through mysql_connect order to work. $mysqli->real_escape_string requires mysqli work. Thus,

Use MySQli::real_escape_string instead:

 'SELECT * FROM places WHERE place_id='.$mysqli->real_escape_string($_GET['id']);

But keep in mind that you need to quote it to be safe:

 'SELECT * FROM places WHERE place_id=\''.$mysqli->real_escape_string($_GET['id']).'\'';

However, since it looks like an integer, you should use it as such, and not avoid it:

 'SELECT * FROM places WHERE place_id='.(int) $_GET['id'];
+15
source share

More articles:


All Articles