Access denied using mysql_real_escape_string()

[fomalhaut]

Hello

I've this message on x10hosting, that I havn't on my two personnal computers and I don't understand why!

It's just at the begining of my script :

This is the begining of index.php :

<?php session_start(); 
include ('functions.php');
?>
<html><head><title>Fomalhaut</title>
<SCRIPT language=JavaScript src="fomalhaut.js"></script>
<link rel=stylesheet href="Fomalhaut.css" type="text/css">
</head>
<body text="#999999" link="00cccc" bgcolor="#060f14">
<div class="bkflot"><img src="19970405_19h45_C1995_O1_HaleBopp_JYC76_1A.jpg" width="100%" /></div>
<div class="flot"><center>
<form action="index.php" method="post">
Identifiant  :<br /><input type="text" name="utilisateur" id="utilisateur" /><br />
Mot de Passe :<br /><input type="password" name="upass" /><br />
<input type="submit" name="submit" id="submit" /><br />
<input type="submit" name="dcnx" value="d&eacute;connexion" id="dcnx" /><br />
<div id="TArea" ></div>
</form></center>
</div>

and that is the functions.php file :

<?php
// ce fichier est un include php
function safe($var) {
return mysql_real_escape_string($var);
}
?>

following is the messages :

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'user'@'chopin.x10hosting.com' (using password: NO) in /home/user/public_html/functions.php on line 4

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/user/public_html/functions.php on line 4

Does that mean I really must establish a connection with the database first ? but why not on my computers ?
Or are authorizations not sufficiant for the user ? why not on my computers ?
Or does this function (i.e. mysql_real_escape_string()) not exist on x10hosting ? so which can I use instead of it ?

Thinks for your help.

 

[descalzo]

1. Why are you using that function if you are not going to use the data in a mySQL operation?

2. You either have to establish a connection first, or your default settings must be sufficient to make the connection. On x10 the default settings are not sufficient.

 

[fomalhaut]

Hello

OK, thank you very much, Descalzo, I'll add a DB connect first. I'll try to do that with PDO (if I can).

your default settings must be sufficient to make the connection.

So, on my computers, the DB connection is implicite when I call this mysql function !


Thank you again.

 

[xav0989]

OK, thank you very much, Descalzo, I'll add a DB connect first. I'll try to do that with PDO (if I can).

So, on my computers, the DB connection is implicite when I call this mysql function !

First, if you use pdo, you'll have to change the mysql_real_escape function to the pdo escape function.
Second, it means your personal PHP settings were either setup for your mysql installation, or your mysql installation is not properly secured.

 

[fomalhaut]

Hello

First, if you use pdo, you'll have to change the mysql_real_escape function to the pdo escape function.

Of course I'll change it !

Second, it means your personal PHP settings were either setup for your mysql installation, or your mysql installation is not properly secured.

On my cmputers, the only one that is not secure is php :

PHP is NOT running in "safe mode" ---- unsecure
If do you want to offer PHP executions for outside persons, please think about a "safe mode" configuration. But for standalone developer we recommend NOT the "safe mode" configuration because some important functions will not working then.

My PHP computer is not open for the outside, only for development. So I think it's not necessary to work it in safe mode !

Thank you.