5

In the following code I see echo1 statement, after which I do not see anything printed on the UI.The username and password is correct. But PHP doesn't seem to connect to MySQL. Don't even see the die statement what am I doing wrong. After mysql_connect is encountered the rest of the code doesn't work:

<?php    
echo "echo1==========";
$con = mysql_connect("localhost","root", "xxxx123") or die("Error connecting to database");
echo "+++++++++ echo2";
echo $con;
mysql_close($con);
  ?>
Rajeev
  • 44,985
  • 76
  • 186
  • 285
  • 1
    Try to use `'` instead of `"`, e.g. `mysql_connect('localhost', 'mysql_user', 'mysql_password');` Try it and let me know! I will elaborate! – Ilia Ross Oct 27 '12 at 13:23
  • Do you have your `error reporting` turned on? – Ghazanfar Mir Oct 27 '12 at 13:23
  • Also try ..or die(mysql_error()); to get more information.. – intelis Oct 27 '12 at 13:24
  • 2
    @Ilia Rostovtsev: it doesn't matter. The problem is that the error reporting is turned off. Rajeev, turn on the error reporting then you will se what is the problem but please do not use the mysql_ stuffess, try PDO or mysqli_ – Peter Kiss Oct 27 '12 at 13:27
  • After turning on the reporting i get Fatal error: Call to undefined function mysql_connect() – Rajeev Oct 27 '12 at 13:33
  • @Rajeev which server are you using..?? – StaticVariable Oct 27 '12 at 13:36
  • @Rajeev Yes... what PHP? 5.4... consider using MySQLi (objects) now. MySQL (resources) is no longer supported. – CodeAngry Oct 27 '12 at 13:37
  • Now if i use mysql i get the error as Fatal error: Class 'mysqli' not found – Rajeev Oct 27 '12 at 13:49
  • 2
    [**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained and the [deprecation process](http://j.mp/Rj2iVR) has begun on it. See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). – Madara's Ghost Oct 27 '12 at 14:00
  • sudo apt-get install php5-mysqli is obsolete – Rajeev Oct 27 '12 at 14:08

5 Answers5

4

You should be mising an error. Add :

ini_set('display_errors', 1);
error_reporting(E_ALL);

at the beggining of your script

Jscti
  • 14,096
  • 4
  • 62
  • 87
1

No output means a fatal error. The only possible fatal error is "undefined function mysql_connect (unless something's really messed up somewhere). This means the mysql library is not installed, or it might just not be enabled in the php.ini file.

Check said file, and while you're at it turn error_reporting on.

Niet the Dark Absol
  • 320,036
  • 81
  • 464
  • 592
  • I think so but i am not sure what changes has to be done in php.ini – Rajeev Oct 27 '12 at 13:36
  • Well, that would depend on if you are running Windows or Linux. If it's Windows, you need to add the appropriate DLL to the list of extensions. If it's Linux... I have no clue. Your webhost may be able to help you with this. – Niet the Dark Absol Oct 27 '12 at 13:37
0

If you use your code just like this then it's vulnerable for SQL Injection. I would strongly recommend using mysql_real_escape_string as you insert data into your database to prevent SQL injections, as a quick solution or better use PDO or MySQLi.

If you are going to use mysql_* then I'd recommend reading the PHP manual chapter on the mysql_* functions, where they point out, that this extension is not recommended for writing new code. Instead, they say, you should use either the MySQLi or PDO_MySQL extension.

I also checked mysql_connect and found a weird regularity which is - if you use " on mysql_connect arguments, then it fails to connect and in my case, when I was testing it, it happened just described way, so, please try this instead:

$con = mysql_connect('localhost','username','password');

Replace " to ' as it's shown in the PHP Manual examples and it might work!

EDITED

For those who downvote - TRY first! I tested it on my server with " and it gave me an error: Warning: mysql_connect(): Access denied for user. I use PHP version 5.4.6!

Login to your server with SSH and run php --modules - if you don't see mysql in the list - then it's the reason of your fatal error.

Community
  • 1
  • 1
Ilia Ross
  • 13,086
  • 11
  • 53
  • 88
  • Now the error is Fatal error: Call to undefined function mysql_connect() in /var/www/dbconnect.php on line 13 – Rajeev Oct 27 '12 at 13:31
  • 1
    May I ask how the OP's code is even remotely vulnerable to injection when there is absolutely no user input involved? And what difference will single quotes make over double quotes when there isn't a variable interpolation in sight? Do you even know what you're talking about? – Niet the Dark Absol Oct 27 '12 at 13:32
  • @Kolink yes i just turned on the error reporting and i go the error.Yes it doesnt matter with single or double quotes – Rajeev Oct 27 '12 at 13:34
  • 2
    @Kolink `mysql_connect` implies that the rest will be used! That is why. There is no reason to build a project on deprecated and vulnerable `mysql_` extension. – Ilia Ross Oct 27 '12 at 13:40
  • @Kolink I tried on my server few months ago putting `mysql_connect` in double quotes and it didn't work. I tested it many times - that's why I have written it! It didn't come out of the blue! I think it's the unnoticed bug! – Ilia Ross Oct 27 '12 at 13:42
  • And the fact that I've always used double-quotes without any issues is meaningless, I guess? Do you really think such a basic matter as string delimiters would be an unfixed bug? – Niet the Dark Absol Oct 27 '12 at 13:51
  • @Kolink, my friend, you're not listening! I don't think! It's the fact, at least for my server for sure! Try it on your server and let me know if it's true for you! – Ilia Ross Oct 27 '12 at 13:57
  • 4
    @Kolink: I personally treat all `mysql_*` functions as vulnerable to SQL injection by default. Whether an actual query is involved or not. For me it's another "excuse" to get the user moving away from it, fast. – Madara's Ghost Oct 27 '12 at 14:01
  • 2
    @Madara Uchiha Totally agree. Programming is about beauty (for me) not just about getting the desired result! The server part is not seen but it has to be done and organized nicely from the very first step! – Ilia Ross Oct 27 '12 at 14:05
  • 1
    @IliaRostovtsev: It is seen, by other developers in the future, maintaining your code, or even future you. As someone wiser than me once said, *be nice to future you*. – Madara's Ghost Oct 27 '12 at 14:07
  • Well, I would gladly move to prepared statements... but then I see all the SO questions asking how to do something with prepared statements that would be extremely easy in plain MySQL (most frequently selecting a column that is not known ahead of time) and I think "Meh, I'd rather just know the safety risks and sanitise everything." – Niet the Dark Absol Oct 27 '12 at 14:10
  • Using double or single quotes has absolutely no relevance to this problem whatsoever. Come on.... the only time it has relevance is when you use variables within the string, such as `"$user"`, but why would you do that. – eis Oct 27 '12 at 14:12
  • @eis I would think the same if I didn't try it myself 3 times in a row on different days! Check it yourself and you might encounter the same! ;) I'm positive on that! I don't know the reason why it's happening but it's just the way it is! No variables just plain username and password. Actually, just found out, if a field (username or password) has special characters than what I'm talking about applies! – Ilia Ross Oct 27 '12 at 14:15
  • I tested just to humor and there is no difference. Why in the world would there be? Can you provide an example how it is for you? – eis Oct 27 '12 at 14:26
  • @eis Again, I tested it and for the world's sake I don't know the reason why but there is in my case! If you used password like `123` I think it's not applicable in this case! Use as password something like `$n]v$t@-Ho#;%X5?J3TGUi$?` and then you could see the difference! May be not but again don't ask me why because I'm just like you - surprised to see the difference. My PHP version is 5.4.6 by the way. – Ilia Ross Oct 27 '12 at 14:30
  • @IliaRostovtsev see my comment about variables in the string, you have `$` in there... it needs to be escaped properly – eis Oct 27 '12 at 15:07
  • @eis Thanks, that's the case, I think. It's better to use single quote to make it universally applicable! – Ilia Ross Oct 27 '12 at 15:22
0

The issue was that the ph5-mysql driver was not installed .Installed it and got it working..Now mysql_connect() function works..Thanks for all the help

Rajeev
  • 44,985
  • 76
  • 186
  • 285
0

For Tomcat 7, the default dir for php.ini is actually C:\windows. So modified (enabling modules, extensions etc.) php.ini should be copied to C:\windows. Then run phpinfo();. It should work fine even on Tomcat 7 along side PHP 5.x. I had this problem and struggled a lot when I wanted the mysql statements to work.

Even after following all instructions from answers in [779246] (Run a php app using tomcat?), mysql statements didn't work (Tomcat 7, PHP 5.2.16, PECL 5.2.5, MySql 5.6 on Windows 7). So I started looking into "phpinfo();" output carefully and used solution as mentioned in earlier paragraph. Please be sure to enable mysql dll extension and also PDO extensions in php.ini if you would like to use PDO (which is future of plain mysql_* methods in PHP).

Community
  • 1
  • 1
Prasad
  • 349
  • 2
  • 6