Yii Framework Forum: mysql_real_escape_string() access denied - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

mysql_real_escape_string() access denied Rate Topic: -----

#1 User is offline   rpaulpen 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 136
  • Joined: 01-December 08

Posted 06 August 2009 - 10:43 PM

I'm getting the error below when using mysql_real_escape_string(). This is only happening with a new hosting company. I'm sure the database credentials are fine since the site runs fine and only gets an error when using mysql_real_escape_string(). Also not sure why the error says (using password :NO, since password is required and given in db connection. The section set of code is the db connection.

Any ideas?

Thanks,

R

Here is the error
PHP Error

Description

mysql_real_escape_string() [<a href='function.mysql-real-escape-string'>function.mysql-real-escape-string</a>]: Access denied for user 'user'@'localhost' (using password: NO)

Source File

/home/public_html/protected/models/NewsForm.php(76)

00064:             return $result;
00065:                 
00066:         }
00067:         
00068:         
00069:     public function updateArticle() //
00070:         {
00071:             
00072:         
00073:             //let's save everything
00074:             $connection=Yii::app()->db;
00075:             
00076:             $this->title = mysql_real_escape_string(trim($this->title));
00077:             $this->article = mysql_real_escape_string(trim($this->article));
00078:             
00079:             
00080:             
00081:             $sql="UPDATE ...'"; 
00082:             //echo 'the sql is:'.$sql;                        
00083:             
00084:                         
00085:             $command=$connection->createCommand($sql);
00086:             $result = $command->execute($sql); 
00087:             return $result;
00088:                 
Stack Trace

#0 /home/dehw3328/public_html/protected/models/NewsForm.php(76): mysql_real_escape_string()
#1 /home/dehw3328/public_html/protected/controllers/NewsController.php(140): NewsForm->updateArticle()
#2 /home/dehw3328/yii/framework/web/actions/CInlineAction.php(32): NewsController->actionUpdate()
#3 /home/dehw3328/yii/framework/web/CController.php(279): CInlineAction->run()
#4 /home/dehw3328/yii/framework/web/filters/CFilterChain.php(129): NewsController->runAction()
#5 /home/dehw3328/yii/framework/web/filters/CFilter.php(41): CFilterChain->run()
#6 /home/dehw3328/yii/framework/web/CController.php(917): CAccessControlFilter->filter()
#7 /home/dehw3328/yii/framework/web/filters/CInlineFilter.php(59): NewsController->filterAccessControl()
#8 /home/dehw3328/yii/framework/web/filters/CFilterChain.php(126): CInlineFilter->filter()
#9 /home/dehw3328/yii/framework/web/CController.php(262): CFilterChain->run()
#10 /home/dehw3328/yii/framework/web/CController.php(236): NewsController->runActionWithFilters()
#11 /home/dehw3328/yii/framework/web/CWebApplication.php(332): NewsController->run()
#12 /home/dehw3328/yii/framework/web/CWebApplication.php(120): CWebApplication->runController()
#13 /home/dehw3328/yii/framework/base/CApplication.php(133): CWebApplication->processRequest()
#14 /home/dehw3328/public_html/index.php(12): CWebApplication->run()


Db connection from main:
'db'=>array(
			'class'=>'CDbConnection',
			'connectionString'=>'mysql:host=localhost;dbname=databasename',
			'username'=>'user',
			'password'=>'password',
		),

0

#2 User is offline   Mike 

  • Elite Member
  • PipPipPipPipPip
  • Yii
  • Group: Members
  • Posts: 3,013
  • Joined: 06-October 08
  • Location:Upper Palatinate

Posted 07 August 2009 - 02:25 AM

mysql_escape_string() expects a link id as second parameter and tries to create one if not specified:

Quote

link_identifier The MySQL connection. If the link identifier is not specified, the last link opened by mysql_connect() is assumed. If no such link is found, it will try to create one as if mysql_connect() was called with no arguments. If by chance no connection is found or established, an E_WARNING level error is generated.


Yii uses PDO instead of mysql_connect(). Why do you want to escape your string? PDO automatically takes care of that.
0

#3 User is offline   rpaulpen 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 136
  • Joined: 01-December 08

Posted 07 August 2009 - 07:59 AM

Thanks Mike. I was having problems with the link identifier so I eliminated and it assumed the last used. This all worked fine until recently.

I wasn't aware that PDO automatically performed the same function. I guess I was being overly cautious. This saves me some code... great. Thanks for the tip.

R
0

#4 User is offline   MarcS 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 96
  • Joined: 05-July 09

Posted 08 August 2009 - 11:49 AM

View Postrpaulpen, on 07 August 2009 - 07:59 AM, said:

Thanks Mike. I was having problems with the link identifier so I eliminated and it assumed the last used. This all worked fine until recently.

I wasn't aware that PDO automatically performed the same function. I guess I was being overly cautious. This saves me some code... great. Thanks for the tip.

R


obviously it only does this when you use the params array and make use of prepared statements
0

#5 User is offline   trenchard 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 47
  • Joined: 07-December 10
  • Location:California

Posted 02 September 2011 - 03:52 PM

I have a model method like this...

public function beforeSave() {
	$this->password = hash_hmac('sha256',$this->newPassword,'asdof87ygh',true);
	 return true;
}


I'm assuming AR escapes the field string in the validation step or in save. Can someone confirm?



0

#6 User is offline   Mike 

  • Elite Member
  • PipPipPipPipPip
  • Yii
  • Group: Members
  • Posts: 3,013
  • Joined: 06-October 08
  • Location:Upper Palatinate

Posted 03 September 2011 - 03:03 AM

Yes. Prepared statements are used pretty much anywhere internally. They do escaping for you:
http://de2.php.net/m...-statements.php
2

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users