堆栈内存溢出
  简体   繁体   English

使用mysql_real_escape_string()时访问被拒绝错误

[英]Access denied error when using mysql_real_escape_string()

 原文  2012-03-02 09:51:51       php/ mysql/ mysql-real-escape-string

问题描述

i am trying escape some data before it goes into my database, but i keep getting this error: 我试图逃避一些数据进入我的数据库之前,但我不断收到此错误: 

Warning: mysql_real_escape_string(): Access denied for user

Now this would usually suggest that i have not connected to the database (it also states (using password: NO)). 现在这通常表明我没有连接到数据库(它也说明(使用密码:NO))。

I was a little confused by this because when connecting to a database i have a 'die' clause so if it fails to connect i get told about it. 我对此感到有点困惑,因为当连接到数据库时,我有一个'die'子句,所以如果连接失败,我会被告知。 So i tested this theory by running a simple query in the same function that im trying to escape the data and it works just fine. 所以我通过在同一个函数中运行一个简单的查询来测试这个理论,我试图逃避数据,它运行得很好。

So why on earth won't the escape method work or get a connection to the database. 那么为什么地球上的转义方法不起作用或得到与数据库的连接。 I did notice that the user the error states is not the user i use to access the database its something like 'www-data@localhost'. 我注意到错误状态的用户不是我用来访问数据库的用户,例如'www-data @ localhost'。 Could it be trying to log in with a different user, if so why and how? 可能是尝试使用其他用户登录,如果是这样,为什么以及如何? Because i another area of my website the escape function works just fine and i didn't do anything special to make it work, just added the code into my web page. 因为我的网站的另一个区域,转义功能工作正常,我没有做任何特别的工作,只是将代码添加到我的网页。

thanks for the help. 谢谢您的帮助。

Are there any other ways of sanitizing my code? 还有其他方法可以清理我的代码吗?

Okay, so here we go, when the user submits the form, i use AJAX to collect the data and put it into an obj to post(JSON encoding) it to the first PHP script which is here: 好的,所以我们在这里,当用户提交表单时,我使用AJAX收集数据并将其放入obj以发布(JSON编码)它到第一个PHP脚本,在这里:

http://codepad.org/kGPljN4I http://codepad.org/kGPljN4I

This script checks all the data is there and then calls a function to add it to the database 此脚本检查所有数据,然后调用函数将其添加到数据库

this Mysql class is called to escape the data and then add a new record to the database, when and instance of the class is made it makes a connection to the database: 调用这个Mysql类来转义数据,然后向数据库中添加一条新记录,当它和类的实例建立时,它会建立与数据库的连接:

http://codepad.org/wwGNrTJm http://codepad.org/wwGNrTJm

The third file is for constants, it holds the information for the database like pass, user and so on: 第三个文件用于常量,它保​​存数据库的信息,如pass,user等:

http://codepad.org/dl0QQbi9 http://codepad.org/dl0QQbi9

any better? 好点?

thanks again for the help. 再次感谢您的帮助。

3 个解决方案

解决方案1
 9 已采纳  2012-03-02 11:47:00

The problem is that you have established your connection using MySQLi , but are then calling mysql_real_escape_string() . 问题是您已使用MySQLi建立了连接,但随后调用了mysql_real_escape_string() You intend to be calling mysqli_real_escape_string() either in procedural context, or object oriented contex. 您打算在过程上下文或面向对象的上下文中调用mysqli_real_escape_string() 

class Mysql 
{
    private $conn;

    function __construct() 
    {

        $this->conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or 
                      die('No Connection to database!');
    }

    function add_non_member($data) 
    {
        $email = $data->email;

            // Procedural call
            $san_email = mysqli_real_escape_string($this->conn, $email);

            // Or OO call (recommended)
            $san_email = $this->conn->real_escape_string($email);

                // etc...
        }

  // etc...;
}

解决方案2
 3  2012-03-02 11:47:23

You're mixing ext/mysqli 你正在混合ext / mysqli 

$this->conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME

with ext/mysql functions: 使用ext / mysql函数: 

$san_email = mysql_real_escape_string($email);

that last line should be 最后一行应该是 

$san_email = $this->conn->real_escape_string($email);

解决方案3
 0  2014-03-29 07:05:54

I also got this access denied warning and I was able to find the solution. 我也得到了这个访问被拒绝的警告,我能够找到解决方案。 The problem is that I have not setup mysql db connection before calling mysql_real_escape_string function. 问题是我在调用mysql_real_escape_string函数之前没有设置mysql数据库连接。

Solution: 解:

  • Call mysql_connect($host, $user, $password) first (Or you can call your database connect function) 首先调用mysql_connect($ host,$ user,$ password)(或者你可以调用你的数据库连接函数)
  • Then use mysql_real_escape_string($var) 然后使用mysql_real_escape_string($ var)

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 mysql_real_escape_string():在codeigniter中拒绝访问 - mysql_real_escape_string(): Access denied in codeigniter mysql_real_escape_string和用户'ODBC'@'localhost'的访问被拒绝 - mysql_real_escape_string and Access denied for user 'ODBC'@'localhost' 替代 mysql_real_escape_string (access_denied) - alternative to mysql_real_escape_string (access_denied) 警告:mysql_real_escape_string()[function.mysql-real-escape-string]:用户'a8221325'@'localhost'的访问被拒绝(使用密码:NO) - Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'a8221325'@'localhost' (using password: NO) 警告:mysql_real_escape_string()[function.mysql-real-escape-string]:拒绝用户访问 - Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 警告:mysql_real_escape_string():用户''@ localhost'拒绝访问(使用密码:否) - Warning: mysql_real_escape_string(): Access denied for user ''@'localhost' (using password: NO) 使用mysql_real_escape_string()时拒绝对www-data进行Joomla访问 - Joomla access denied for www-data while using mysql_real_escape_string() 使用mysql_real_escape_string()时出错 - error while using mysql_real_escape_string() 使用准备好的语句时是否需要 mysql_real_escape_string()? - Is mysql_real_escape_string() necessary when using prepared statements? 使用mysql_real_escape_string时更多斜杠 - More slashes when using mysql_real_escape_string
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM