Modern Php cause me errors:(

[Damagedcity.com]

After my host updated its php i have had lots of errors on my game.

I have changed most of it to get rid of most the errors but i got this one im not sure how to change.

$_POST['name'] = mysql_real_escape_string($_POST['name']);

$_POST['class'] = abs(@intval($_POST['class']));

Here is the error displayed:

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'damagedc'@'localhost' (using password: NO) in /home/damagedc/public_html/business_create.php on line 17

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/damagedc/public_html/business_create.php on line 17

[modernmafia]

what host you using ( provider)(

[Damagedcity.com]

i use w3theory.com its because they updated the php so its cause the errors to now pop up

[Danny696]

Thats not because of a php error, its a human error. You need to add your password to the config.php file.

[Damagedcity.com]

nope everything on config is correct it is a php error its to do with the mysql_real_escape_string() on line 17 which i have shown u otherwise i wouldnt be able to logon have crons etc.

[Danny696]

Oh sorry, if your soo good at PHP, surley you would have fixed it. Right?

Im telling you, if your using W3theory, then you need a password, I know you havent got one.

[Dominion]

Check you, or an error somewhere, does not close the database connection anywhere.

[Damagedcity.com]

fixed

i just done this to avoid the problem and it seems to work

$_POST['name'] = ($_POST['name']);

$_POST['class'] = abs(@intval($_POST['class']));

[lucky3809]

well that does not make sense to have...

$_POST['name'] = ($_POST['name']);

take off the () no need for them you removed the mres... I doubt it had anything to do with the new php upgrade...

Edited June 12, 2011 by lucky3809

[Dominion]

The line is useless with or without the () it's just like saying 1 = 1; when 1 is already 1... I would also assume Mres was there to stop sql injection? you just opened yourself up for that...

[lucky3809]

haha true because your calling the same thing

[Danny696]

i just done this to avoid the problem and it seems to work

$_POST['name'] = ($_POST['name']);

$_POST['class'] = abs(@intval($_POST['class']));

Yeh you fixed it, but now i add a nice sql injection

[Damagedcity.com]

it was for sql injection but it didnt seem to work so yeah ill just make it 1=1

[Danny696]

So you want an insecure site instead of actually fixing it? Pfft, didnt think n00bs could be that lazy

[Dominion]

it was for sql injection but it didnt seem to work so yeah ill just make it 1=1

what? Maybe post your file so we can help?

[Damagedcity.com]

just for now until i find how to secure that bit noob:P

[Damagedcity.com]

die ('You are part of a job/company at this time, leave to start a new one.');

}

echo '<p class="heading">Create Company</p>';

$_POST['name'] = $_POST['name'];

$_POST['class'] = abs(@intval($_POST['class']));

if($_POST['name'] AND $_POST['class'])

[rulerofzu]

Sorry but upgrading PHP is not responsible for that. Go to http://www.php.net check the changelog for the version.

I know for a fact that mysql_real_escape_string works on the latest version of PHP. So does everyone else that uses php so the error lies elsewhere.

[a_bertrand]

You simply need to open the mysql connection BEFORE you can do mysql_real_escape_string, that's your problem. I believe you do it before any config.

[Dave]

Pick apart the error and it's very obvious.

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied (So you don't have access...) for user 'damagedc'@'localhost' (using password: NO(You've not set a password in config.php)) in /home/damagedc/public_html/business_create.php on line 17

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established(No connection) in /home/damagedc/public_html/business_create.php on line 17

Which clearly shows your information to connect to the MySQL server is incorrect. You'll need to find the correct information (as others have said) and input it into your config.php file, considering you need to be connected to the MySQL server before mysql_real_escape_string will work.