tags:

views:

59

answers:

3
+1  Q: 

Access denied when trying to access my database.

Here's my code:

<html>
    <head>
    </head>

    <body>
        <?php 
            $user = mysql_real_escape_string($_GET["u"]);
            $pass = mysql_real_escape_string($_GET["p"]);

            $query = "SELECT * FROM usario WHERE username = '$user' AND password = '$pass'";

            mysql_connect(localhost, "root", "");
            @mysql_select_db("multas") or die( "Unable to select database");

            $result=mysql_query($query);
            if(mysql_numrows($result) > 0){
                echo 'si';
            }   
         ?>
    </body>
</html>

And here's the error I get when I try to run it

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\xampp\htdocs\useraccess.php on line 7

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\xampp\htdocs\useraccess.php on line 7

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\xampp\htdocs\useraccess.php on line 8

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\xampp\htdocs\useraccess.php on line 8

Warning: mysql_numrows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\useraccess.php on line 16
+1  A: 

You need to put single quotes around 'localhost':

mysql_connect('localhost', 'root', '');

Also, a blank root password? Really?

Satanicpuppy  2010-06-01 21:58:11
Really..........
Serg  2010-06-01 21:59:43
+1 for last line.
Kerry  2010-06-01 22:00:23
actually, localhost will be considered a string literal. this answer is wrong, although it makes a good point about the blank root password.
Zak  2010-06-01 22:02:20
@zak: Better tell php.net, because that's what it looks like in the documentation for mysql_connect.
Satanicpuppy  2010-06-02 14:37:59
@satanicpuppy : although the "proper" way to include string literals is in double or single quotes, php will accept unquoted string literals as well. Just because it doesn't look the same doesn't mean it is wrong.
Zak  2010-06-02 22:32:00
+3  A: 

You need to make your database connection before you call

mysql_real_escape_string

if you don't want to do that, use

mysql_escape_string

instead, since it doesn't care about the connection

Zak  2010-06-01 21:59:42
I fixed it, and now I get this error after I followed your advice: Warning: mysql_numrows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\useraccess.php on line 19
Serg  2010-06-01 22:01:21
mysql_escape_string is deprecated.
webbiedave  2010-06-01 22:07:49
wow, it's been so long since I manually string escaped something without using a db layer that I didn't even know this happened!!!
Zak  2010-06-01 22:10:22
Also, sergio, please accept this answer as a solution to your problem, then open a new question. It helps keep things clear.
Zak  2010-06-01 22:11:16
@Sergio Tapia: Zak answered your question. You should accept this answer (instead of merely piggybacking questions). Learn to use `mysql_query($query) or die(mysql_error());` to investigate possible errors.
webbiedave  2010-06-01 22:11:31
@Zak: Yes. They should deprecate the whole API really :)
webbiedave  2010-06-01 22:12:53
yes they should. I suppose my real answer here should be "USE PDO!" (or equiv)
Zak  2010-06-01 22:14:05
+2  A: 

Move mysql_connect(localhost, "root", ""); above $user = ...

Flavius Stef  2010-06-01 22:00:33

related questions

Remove Quotes and Commas from a String in MySQL
What's the best way of converting a mysql database to a sqlite one?
How do you manage databases in development, test, and production?
Multiple foreign keys?
Add 1 to a field (MySQL)
Issues using MS Access as a front-end to a MySQL database back-end?
Bigger than a char but smaller than a blob
How do I retrieve my MySQL username and password?
Long-time LAMP Developer moving to VB.NET
How do I Concatenate entire result sets in MySQL?
Full complete MySQL database replication? Ideas? What do people do?
SQL: Distribution of table in time
SQLite vs MySQL
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Multiple Updates in MySQL
MySQL/Apache Error in PHP MySQL query
What all do I need to escape when sending a (My)SQL query?
Auto Generate Database Diagram MySQL
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
Python and MySQL
SQL Server 2005 implementation of MySQL REPLACE INTO?
How to export data from SQL Server 2005 to MySQL
Throw Error In MySQL Trigger
Binary Data in MySQL