connect to mysql databasw

[beernice]

Hi, I am trying to connect to my sql database using php, but i keep getting the following errors


Warning: mysql_connect(): Access denied for user 'beernice'@'localhost' (using password: YES) in /home/beernice/public_html/connection.php on line 5

Warning: mysql_select_db() expects parameter 2 to be resource, boolean given in /home/beernice/public_html/connection.php on line 6

Warning: mysql_query(): Access denied for user 'root'@'localhost' (using password: NO) in /home/beernice/public_html/check.php on line 8

Warning: mysql_query(): A link to the server could not be established in /home/beernice/public_html/check.php on line 8
Access denied for user 'root'@'localhost' (using password: NO)

I have two php files, connection and check
The code for the connection file is:
<?
$name = "beernice";
$pas = "nope";
$dbname = "beernice_regestration_members";
$con = mysql_connect("localhost",$name,$pas);
mysql_select_db($dbname,$con);
?>

and the code for the check file is:
<?php
if(isset($_POST['registration']))
{
require "connection.php";
$username = strip_tags($_POST['username']);
$password = md5(strip_tags($_POST['password']));

mysql_query("INSERT INTO beernice_registration_members(username,password) VALUES ('$username','$password')")
or die("".mysql_error());

echo "Successful Registration!";
}
?>

Help please!

 

[essellar]

I'd love to help, but first I have to say that I really can't let you do what you're trying to do here. Let me introduce you to little Bobby Tables:

(Comic copyright and courtesy xkcd.com; used with permission.)

The mysql_xxx functions are on their way out of PHP¹, and one of the reasons is that they're an open invitation to SQL injection attacks. Rather than build something that you're just going to have to rewrite in a few months anyway (and which will leave your site and your users vulnerable in the meantime), it's better to do it right in the first place.

And while it's nice that you're not storing passwords in plain text, unsalted MD5 hashing really isn't that much better. It would literally take just a few minutes to get most, if not all, of your users' passwords figured out. And you might not think that's very important at first — your site isn't very big or important, right, so what does it matter if the passwords go astray? The fact of the matter is that almost all web users use the same one or two or (at most) three passwords for everything they do on the web. That's not your fault, of course, but it does sort of become your responsibility. Since the password somebody uses on your site is likely to be the same as the one they use for, say, their PayPal account or their email account (which would allow a bad guy to gain access to everything they do), it's up to you — to all of us — to take security as seriously for our little hobby sites as we'd want our banks to take it when dealing with our money.

I've recently posted a link to a script based on the password hashing methods used in PHP 5.5.x and above (which are easy, actually secure and nearly foolproof), but it does require some computation time on the server. (That's good from a security perspective, but maybe not so nice when you have limited resources to work with.) You can also look at the PHP authentication script posted a while back by callumacrae (and you may want to read the thread there as well). Using PDO to talk to the database and a salted secure hash like Bcrypt or PBKDF2 will make your user information a lot safer, and it's not much harder to do (especially with most of the work done for you already).

As for the connection problems, your database user name is not the same as your cPanel user name. All of the information is in the wiki entry "How to Create a MySQL Database and User". Oh, and now that you've posted a password, you need to change it immediately.

______________________________________________________
¹ The ext/mysql extension is deprecated as of PHP 5.5.0.

 

[Skizzerz]

As a security precaution, I have changed your password. You will need to make use of the "Can't access your account?" link on the portal/sso sign-in page in order to reset it, a new temporary password will be sent to your email address.