So, when I run this login script, I get the following error:

PHP Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in (...) on line 116.

I'm calling the database at the top of the script, and not getting any errors from PEAR... print_r($db) returns an object...

code follows:

<?php

function &db_connect() { 
  require_once 'DB.php'; 
  PEAR::setErrorHandling(PEAR_ERROR_DIE); 
  $db_host = 'internal-db.xxxxx.gridserver.com'; 
  $db_user = 'xxxxx'; 
  $db_pass = 'xxxx'; 
  $db_name = 'xxxxx_wedding2'; 
  $dsn = "mysqli://$db_user:$db_pass@$db_host/$db_name"; 
  $db = DB::connect($dsn); 
  $db->setFetchMode(DB_FETCHMODE_OBJECT); 
  return $db; 
}
$db = &db_connect();
if (DB::isError ($db))
     die ("Cannot connect: " . $db->getMessage () . "\n"); 

if (!isset($_SESSION['uid'])) {
  session_defaults();
}

function session_defaults() { 
  $_SESSION['logged'] = false; 
  $_SESSION['uid'] = 0; 
  $_SESSION['username'] = ''; 
  $_SESSION['cookie'] = 0; 
  $_SESSION['remember'] = false; 
}

class User {
  var $db = null; //PEAR::DB pointer
  var $failed = false; //failed login
  var $date;  //current date
  var $id = 0; //current users id

  function User(&$db) {   //is this the constructor?
    $this->db = $db;
    $this->date = $GLOBALS['date'];
    $this->role = $_SESSION['role'];
    if ($_SESSION['logged']) {
      $this->_check_Session();
    } elseif (isset($_COOKIE['myLogin'])) {   // only read the cookie when it is set
      $this->_checkRemembered($_COOKIE['myLogin']);
    }

  }

   function _checkLogin($username, $password, $remember) {
    $username = $this->db->quote($username);  //uses PEAR::DB->quote method to sanitize input
    $password = $this->db->quote(md5($password)); // "  "
    $sql = "SELECT * FROM guest WHERE (username = $username) AND (password = $password)";
    $result = $this->db->getRow($sql);
    if (is_object($result)) {
      $this->_setSession($result, $remember);
      return true;
    } else {
      $this->failed = true;
      $this->_logout();
      print "Sorry, you have entered an invalid username or password!";
      return false;
    }
  }

  function _checkRemembered($cookie) {
    list($username, $cookie) = unserialize($cookie);
    if (!$username or !$cookie) return;
    $username = $this->db->quote($username);
    $cookie = $this->db->quote($cookie);
    $sql = "SELECT * FROM member WHERE (username = $username) AND (cookie = $cookie)";
    $result = $this->db->getRow($sql);
    if (is_object($result)) {
      $this->_setSession($result, true);    
    }  
  }

  function _setSession(&$values, $remember, $init = true) {
    $this->id = $values->id;
    $_SESSION['uid'] = $this->id;
    $_SESSION['username'] = htmlspecialchars($values->username);
    $_SESSION['cookie'] = $values->cookie;
    $_SESSION['logged'] = true;
    $_SESSION['role'] = $values->role;
    if ($remember) {
      $this->updateCookie($values->cookie, true);
    }
   /* if ($init) {
    $session = $this->db->quote($_SERVER['REMOTE_ADDR']);
    $sql = "UPDATE guest SET session = $session, ip = $ip WHERE id = $this->id";
    $this->db->query($sql);
    }*/
  }


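  function updateCookie($cookie, $save) {
    $_SESSION['cookie'] = $cookie;
    if ($save) {
      $cookie = serialize(array($_SESSION['username'], $cookie));
      set_cookie;   // the actual setcookie() call is not shown in the post
    }
  }

  function _logout() {   // kept inside the class so $this->_logout() resolves
    session_defaults();
  }
}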

  $date = time();
  $user = new User($db);
  $myusername = mysql_real_escape_string(stripslashes($_POST['myusername']));
  $mypassword = mysql_real_escape_string(stripslashes($_POST['mypassword'])); 
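  // Arguments were missing as posted; false for $remember is an assumption.
  $status  = $user->_checkLogin($myusername, $mypassword, false);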
  print_r($status);

Any thoughts what I'm missing here? Is there a better way to troubleshoot my db connection?

Thanks in advance.

1 Answer

Please read the mysql_real_escape_string() documentation. You should provide the link to the MySQL connection as the 2nd argument.

Update: if you want to store user data in the database, why not use prepare() from PEAR::DB? It effectively protects you from SQL injection.

3 Comments

Hmm.. but the docs say that the 2nd argument in mysql_real_escape_string() (resource) should default to the last resource used, which I would expect to work. How do you get the resource from the DB object?
@starsinmypockets I don't know how to get the raw mysql connection from the DB object, so maybe try getting rid of mysql_real_escape_string() and using prepare()?
Yeah, getting rid of mysql_real_escape_string() does it, thanks!
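
The prepare()/execute() approach recommended in the answer, applied to the question's guest table. This is an added example, not code from the original post or from PEAR; the helper name find_guest is hypothetical, and $db is assumed to be the object returned by the question's db_connect().

```php
<?php
require_once 'DB.php';

/**
 * Hypothetical helper (not from the original post): look up a guest row
 * with PEAR::DB placeholders instead of mysql_real_escape_string().
 *
 * mysql_real_escape_string() belongs to ext/mysql and needs an ext/mysql
 * link. The question's DSN uses the mysqli driver, so no such link exists
 * and the call produces the warning quoted in the question.
 *
 * @param object $db       PEAR::DB connection (assumed: from db_connect())
 * @param string $username raw value, e.g. $_POST['myusername']
 * @param string $password raw value, e.g. $_POST['mypassword']
 * @return mixed row object, null when nothing matches, or a DB_Error
 */
function find_guest($db, $username, $password)
{
    // Each '?' is a scalar placeholder. PEAR::DB escapes the bound values
    // itself, using its own connection, so the input is never concatenated
    // into the SQL string and needs no manual quoting.
    $sth = $db->prepare(
        'SELECT * FROM guest WHERE (username = ?) AND (password = ?)'
    );
    if (DB::isError($sth)) {
        return $sth;
    }

    // md5() is kept only because the question's table stores MD5 hashes.
    $res = $db->execute($sth, array($username, md5($password)));
    $db->freePrepared($sth);
    if (DB::isError($res)) {
        return $res;
    }

    $row = $res->fetchRow();   // null when no row matches
    $res->free();
    return $row;
}

// Usage inside the question's script (raw POST values, no manual escaping):
//   $row = find_guest($db, $_POST['myusername'], $_POST['mypassword']);
//   if (is_object($row)) { /* credentials matched */ }
```

Values bound this way must not also be passed through $db->quote() or mysql_real_escape_string(), otherwise they are escaped twice and the comparison fails.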
