-1

I use this code :

<?php
    // Get values from form
    $name= mysql_real_escape_string($_POST['name']);
    if (empty($name)) {
        echo "No information has entered";
        echo "<br/>";
        echo "<br/>";
        echo "<a href='index.php'>Return to Homepage</a>";
        exit;
    }

    $host="localhost"; // Host name
    $username="root"; // Mysql username
    $password=""; // Mysql password
    $db_name="pin"; // Database name
    $tbl_name="test"; // Table name

    // Connect to server and select database.
        mysql_connect("$host", "$username", "$password")or die("cannot connect");
        mysql_select_db("$db_name")or die("cannot select DB");

            // Insert data into mysql
            $sql = "UPDATE $tbl_name SET `Used` = '1' WHERE `test`.`Code` =$name;";
            //echo $sql; exit;
            $result=mysql_query($sql);

            // if successfully insert data into database, displays message "Successful".
            if($result){
                echo "Your Information </br>";
                echo "<BR>";
                echo "<a href='index.html'></a>";
                $result = mysql_query("SELECT Code FROM `test` WHERE  `Code` =$name" );
                    while ($row = mysql_fetch_array($result)) {
                            printf("Code: %s </br>", $row[0]); 
                                $foundcode=$row[0];
                    }
                    if (!empty($foundcode)) {
                        echo "<BR>";
                        echo "<a href='".$foundcode.".pdf'>Click here to download.</a>";
                    }
                        if (empty($foundcode)){
                        echo "<BR>";
                        echo "Password is wrong";
                        }
                        mysql_free_result($result);
                echo "<BR>";
                echo "<BR>";
                echo "<BR>";
                echo "<a href='index.php'>Exit</a>";
            }

            else {
                echo nl2br ("Entered Information are not valid, Please enter valid information </br></br>");
                echo "<a href='index.php'>Return to Homepage</a></br></br>";
            }

        // close connection
        mysql_close();
?>

but i receive this error:

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'root'@'localhost' (using password: NO)

I read some help but i can't fix it . I read some answer about this problem like:

  1. Fatal error: Call to a member function prepare() on a non-object in PHP Call to a member function prepare() on a non-object error Fatal error: Call to a member function prepare() on a non-object with PDO

Although i change the DB user & pass but that problem still is Exist.

Community
  • 1
  • 1
Sohrab yazdan
  • 9
  • 3

1 Answers1

0

mysql_real_escape_string() needs a database connection, because the way that escaping should be done depends on connection parameters.

The MySQL extension of PHP tries to create a database connection if it needs one and does not find one that can be used. Hence the error message.

Call mysql_real_escape_string() after mysql_connect().

Oswald
  • 31,254
  • 3
  • 43
  • 68
  • how can i create mysql connection? – Sohrab yazdan Jul 27 '13 at 10:32
  • @KhosroYazdan http://php.net/manual/en/function.mysql-connect.php (and read the warning please) – Simone Jul 27 '13 at 10:33
  • Although this answer is literally correct, it is missing the question context by a mile. – Your Common Sense Jul 27 '13 at 10:37
  • 1
    @YourCommonSense The question is "how can i resolve this error ?". How does "Call `mysql_real_escape_string()` after `mysql_connect()`" miss the question context? – Oswald Jul 27 '13 at 10:38
  • @KhosroYazdan - you are already creating the mysql-connection but AFTER the call to mysql_real_escape_string(). Therefore: Move code-block with mysql_real_escape_string() below the mysql_connect and mysql_select_db - calls. – bestprogrammerintheworld Jul 27 '13 at 10:41