mysql_real_escape_string(): Access denied for user

mysql_real_escape_string(): Access denied for user.

The above error will generally occur when we use mysql_real_escape_string() before making connection to database.

The The mysql data base connection should be made prior to use the mysql_real_escape string.



mysql_real_escape_string() :


The mysql_real_escape_string() function escapes special characters in a string for use in an SQL statement


The following characters are affected:

    \x00
    \n
    \r
    \
    '
    "
    \x1a

This function returns the escaped string on success, or FALSE on failure.

Syntax: mysql_real_escape_string(
string,connection)


proper usage:


<?php
function checkinput($value)
{


// Stripslashes
if (get_magic_quotes_gpc())
  {
  $value = stripslashes($value);
  }


// Quote if not a number
if (!is_numeric($value))
  {
  $value = "'" . mysql_real_escape_string($value) . "'";
  }
  
  return $value;
}

$con = mysql_connect("localhost", "root", "1234");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }


$user = check_input($_POST['user']);

$pwd = check_input($_POST['pwd']);

$sql = "SELECT * FROM employee WHERE user=$user AND password=$pwd";

mysql_query($sql);

mysql_close($con);

?>
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)