mysql_real_escape_string() access denied

I’m getting the error below when using mysql_real_escape_string(). This is only happening with a new hosting company. I’m sure the database credentials are fine since the site runs fine and only gets an error when using mysql_real_escape_string(). Also not sure why the error says (using password :NO, since password is required and given in db connection. The section set of code is the db connection.

Any ideas?

Thanks,

R

Here is the error


PHP Error


Description


mysql_real_escape_string() [<a href='function.mysql-real-escape-string'>function.mysql-real-escape-string</a>]: Access denied for user 'user'@'localhost' (using password: NO)


Source File


/home/public_html/protected/models/NewsForm.php(76)


00064:             return $result;

00065:                 

00066:         }

00067:         

00068:         

00069:     public function updateArticle() //

00070:         {

00071:             

00072:         

00073:             //let's save everything

00074:             $connection=Yii::app()->db;

00075:             

00076:             $this->title = mysql_real_escape_string(trim($this->title));

00077:             $this->article = mysql_real_escape_string(trim($this->article));

00078:             

00079:             

00080:             

00081:             $sql="UPDATE ...'"; 

00082:             //echo 'the sql is:'.$sql;                        

00083:             

00084:                         

00085:             $command=$connection->createCommand($sql);

00086:             $result = $command->execute($sql); 

00087:             return $result;

00088:                 

Stack Trace


#0 /home/dehw3328/public_html/protected/models/NewsForm.php(76): mysql_real_escape_string()

#1 /home/dehw3328/public_html/protected/controllers/NewsController.php(140): NewsForm->updateArticle()

#2 /home/dehw3328/yii/framework/web/actions/CInlineAction.php(32): NewsController->actionUpdate()

#3 /home/dehw3328/yii/framework/web/CController.php(279): CInlineAction->run()

#4 /home/dehw3328/yii/framework/web/filters/CFilterChain.php(129): NewsController->runAction()

#5 /home/dehw3328/yii/framework/web/filters/CFilter.php(41): CFilterChain->run()

#6 /home/dehw3328/yii/framework/web/CController.php(917): CAccessControlFilter->filter()

#7 /home/dehw3328/yii/framework/web/filters/CInlineFilter.php(59): NewsController->filterAccessControl()

#8 /home/dehw3328/yii/framework/web/filters/CFilterChain.php(126): CInlineFilter->filter()

#9 /home/dehw3328/yii/framework/web/CController.php(262): CFilterChain->run()

#10 /home/dehw3328/yii/framework/web/CController.php(236): NewsController->runActionWithFilters()

#11 /home/dehw3328/yii/framework/web/CWebApplication.php(332): NewsController->run()

#12 /home/dehw3328/yii/framework/web/CWebApplication.php(120): CWebApplication->runController()

#13 /home/dehw3328/yii/framework/base/CApplication.php(133): CWebApplication->processRequest()

#14 /home/dehw3328/public_html/index.php(12): CWebApplication->run()

Db connection from main:


'db'=>array(

			'class'=>'CDbConnection',

			'connectionString'=>'mysql:host=localhost;dbname=databasename',

			'username'=>'user',

			'password'=>'password',

		),

mysql_escape_string() expects a link id as second parameter and tries to create one if not specified:

Yii uses PDO instead of mysql_connect(). Why do you want to escape your string? PDO automatically takes care of that.

Thanks Mike. I was having problems with the link identifier so I eliminated and it assumed the last used. This all worked fine until recently.

I wasn’t aware that PDO automatically performed the same function. I guess I was being overly cautious. This saves me some code… great. Thanks for the tip.

R

obviously it only does this when you use the params array and make use of prepared statements

I have a model method like this…




public function beforeSave() {

	$this->password = hash_hmac('sha256',$this->newPassword,'asdof87ygh',true);

	 return true;

}

I’m assuming AR escapes the field string in the validation step or in save. Can someone confirm?

Yes. Prepared statements are used pretty much anywhere internally. They do escaping for you:

http://de2.php.net/manual/en/pdo.prepared-statements.php