
I am testing a local login database page on my PC under LAMP. Even though I can connect to MySQL from the terminal, I cannot do so from a PHP script. I've looked all over online, but everywhere I go it's just the following code in one variation or another:

```php
<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="content-type" content="text/html; charset=utf-8"/>
    <link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>

<?php

/* values posted by the login form */
$username = $_POST['username'];
$password = $_POST['password'];

/* connect to the db */
$connection = mysql_connect('localhost', 'username', 'password') or die ("Connect error");
mysql_select_db('myDatabase', $connection);

/* show databases */
$res = mysql_query("SHOW DATABASES", $connection) or die ("No Show Database");
while ($row = mysql_fetch_row($res))
{
    echo $row[0], '<br/>';
}

?>

</body>
</html>
```

There is another page that takes the username and password and then passes them to this page via the POST method, but this page instantly shows me "Connect error". I even tried it with an if/else instead of the `or die`, but it still can't connect.

nabeel
  • `or die ("Connect error");` doesn't help you. `or die(mysql_error())` will, same for `or die ("No Show Database");` – Funk Forty Niner Nov 19 '15 at 20:12
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Nov 19 '15 at 20:13
  • If you can, you should [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really not hard](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Nov 19 '15 at 20:13
  • Use http://php.net/manual/en/function.error-reporting.php also. – Funk Forty Niner Nov 19 '15 at 20:14
  • What's the goal here? Use POST arrays/variables as parameters for the db connection? – Funk Forty Niner Nov 19 '15 at 20:16
  • There is not (yet) any SQL injection risk in this code. – vp_arth Nov 19 '15 at 20:23
  • It's anybody's game. Just like baseball; I am outta here. *Slide DiMaggio, sliiiiiiiiiiiiiiiide!!!* - Edit: batter up Sam! @JayBlanchard – Funk Forty Niner Nov 19 '15 at 20:24
  • *Right behind you Ralph!* @Fred-ii- – Jay Blanchard Nov 19 '15 at 20:26

1 Answer

You have to pass the variables to the connection function and show a meaningful error description:

```php
$username = $_POST['username'];
$password = $_POST['password'];

/* connect to the db */
$connection = mysql_connect('localhost', $username, $password) or die(mysql_error());
```

Your script is at risk for SQL Injection Attacks. If you can, you should stop using mysql_* functions. These extensions have been removed in PHP 7. Learn about prepared statements for PDO and MySQLi and consider using PDO, it's really not hard.

You really don't want to connect to your database in that fashion, though; it leaves too much up to chance. And when you use passwords you really should use PHP's built-in functions to handle password security. If you're using a PHP version less than 5.5 you can use the password_hash() compatibility pack.

Jay Blanchard
  • Unclean variables passed into database functions @vp_arth. I am trying to head it off at the pass. – Jay Blanchard Nov 19 '15 at 20:18
  • If you mean `user/pass`, it's meant to receive unclean variables (as is). But if you mean the query, how can `show databases` without any concatenation be at risk of SQL injection? – vp_arth Nov 19 '15 at 20:21
  • He is not passing them to `SHOW DATABASES;` The OP is passing them to `mysql_connect()` and there is *no* possibility of SQL injection there. I am just cautioning the OP. It isn't a matter of "if" it is a matter of "when" the OP will send user data to their database. – Jay Blanchard Nov 19 '15 at 20:23
  • Hm, ok) I just think maybe a new hole was found in `mysql_connect`, say for a very long password... Maybe you know something that I don't :) – vp_arth Nov 19 '15 at 20:25
  • @vp_arth stranger things have happened in `mysql_` ;-) – Funk Forty Niner Nov 19 '15 at 20:26
  • I have another issue: where to find guys to fix `segmentation faults` inside the `pdo_firebird` driver :) – vp_arth Nov 19 '15 at 20:31
  • @JayBlanchard I see you were right all along Sam. I take it you've gotten your crystal ball back from the shop, and all nicely polished, I might add ;-) – Funk Forty Niner Nov 19 '15 at 20:33
  • *Blind squirrels and nuts Ralph. Blind squirrels and nuts.* @Fred-ii- – Jay Blanchard Nov 19 '15 at 20:34
  • @JayBlanchard Let's only hope those squirrels know how to aim Sam, unlike those "3 blind mice". I wouldn't want them to shoot blindly in the direction of my "family jewels". *crunch* – Funk Forty Niner Nov 19 '15 at 20:35
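The answer's three points put together, as an added example that is not code from the question or the answer: a connection that reports a meaningful error (PDO with exceptions instead of `mysql_*`, which PHP 7 removed), a prepared statement for the user lookup, and `password_hash()`/`password_verify()` for the password check. It assumes a `users` table with `username` and `password_hash` columns, and it connects with a fixed application account rather than the form's credentials, since the answer warns against connecting "in that fashion"; the DSN, account name and password are placeholders for your own environment.

```php
<?php
// Added example, not the question's or the answer's code.
// Assumed schema: users(username VARCHAR, password_hash VARCHAR(255)),
// where password_hash holds the output of password_hash().

declare(strict_types=1);

const DB_DSN  = 'mysql:host=localhost;dbname=myDatabase;charset=utf8mb4'; // placeholder
const DB_USER = 'app_user';      // placeholder: a least-privilege account, not root
const DB_PASS = 'app_password';  // placeholder

/**
 * Open the connection. With ERRMODE_EXCEPTION a wrong host, user or password
 * throws a PDOException whose message says what actually went wrong, which is
 * the "meaningful error description" the answer asks for instead of "Connect error".
 */
function connect(): PDO
{
    return new PDO(DB_DSN, DB_USER, DB_PASS, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false, // real server-side prepared statements
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

/**
 * Look the user up with a bound parameter (never concatenated into the SQL)
 * and compare the submitted password against the stored password_hash() value.
 */
function checkLogin(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch();

    if ($row === false) {
        // Unknown user: still spend the hashing time so the response time does
        // not reveal whether the username exists.
        password_hash($password, PASSWORD_DEFAULT);
        return false;
    }
    return password_verify($password, $row['password_hash']);
}

/** What the registration page should store: the hash, never the plaintext. */
function storePassword(PDO $db, string $username, string $password): void
{
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([
        ':u' => $username,
        ':h' => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

// Read the form values with a default so a missing key does not raise an
// "undefined index" notice the way a bare $_POST['username'] does.
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

try {
    $db = connect();
    if ($username !== '' && checkLogin($db, $username, $password)) {
        echo 'Login OK';
    } else {
        echo 'Invalid username or password';
    }
} catch (PDOException $e) {
    // Log the real cause for the administrator; the user only sees a generic message.
    error_log('DB error: ' . $e->getMessage());
    echo 'Database error, see the server log';
}
```

If the connection itself is what fails, the logged `PDOException` message names the cause (access denied for the account, unknown database, socket not found), which is what the question's `or die("Connect error")` was hiding; the same diagnostic can be had in the old code with `die(mysql_error())`, as the comments say.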