-2

Why do these warnings appear when I'm trying to log in to my page? I tried browsing, and most of the forums advise shutting the notifications off, but I don't think that's good programming. All I want is to learn how to fix this issue or these warnings. I'm getting the errors below:

Warning: mysql_real_escape_string(): Access denied for user ''@'localhost' (using password: NO) in C:\xampp\htdocs\sot\sot.php on line 12

Warning: mysql_real_escape_string(): A link to the server could not be established in C:\xampp\htdocs\sot\sot.php on line 12

Warning: mysql_real_escape_string(): Access denied for user ''@'localhost' (using password: NO) in C:\xampp\htdocs\sot\soft.php on line 13

Warning: mysql_real_escape_string(): A link to the server could not be established in C:\xampp\htdocs\sot\sot.php on line 13

Warning: mysql_query(): Access denied for user ''@'localhost' (using password: NO) in C:\xampp\htdocs\soft\sot.php on line 14

Warning: mysql_query(): A link to the server could not be established in C:\xampp\htdocs\sot\sot.php on line 14

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\sot\sot.php on line 15

This is my login page:

```php
<?php
session_start();
include_once 'dbconfig.php';

if(isset($_SESSION['user'])!="")
{
    header("Location: admin.php");
}

if(isset($_POST['btn-login']))
{
    $email = mysql_real_escape_string($_POST['email']);
    $upass = mysql_real_escape_string($_POST['pass']);
    $res=mysql_query("SELECT * FROM users WHERE email='$email'");
    $row=mysql_fetch_array($res);

    if($row['password']==md5($upass))
    {
        $_SESSION['user'] = $row['user_id'];
        header("Location: admin.php");
    }
    else
    {
        ?>
        <script>alert('wrong details');</script>
        <?php
    }

}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>ALEXORG</title>
<link rel="stylesheet" href="css/bootstrap.css" type="text/css" />
<link rel="stylesheet" href="style.css" type="text/css" />

</head>
<body id="login">
 <div class="container">

      <form class="form-signin" method="post">
        <h2 class="form-signin-heading text-center">Muligence 1.0</h2>
        <label for="inputEmail" class="sr-only">Email address</label>
        <input type="text" name="email" id="inputEmail" class="form-control" placeholder="Enter Your email" required autofocus>
        <label for="inputPassword" class="sr-only">Password</label>
        <input type="password"  name="pass"  id="inputPassword" class="form-control" placeholder="Password" required>
        <div class="checkbox">
          <label>
            <input type="checkbox" value="remember-me"> Remember me
          </label>
        </div>

        <button class="btn btn-lg btn-primary btn-block" type="submit" name="btn-login">Sign in</button>
        <a href="register.php">Sign Up Here</a>
      </form>

    </div> <!-- /container -->

<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
<script src="js/bootstrap.js"></script>

</body>
</html>
```

I'm new to programming and PHP and I want to learn. Kindly help with suggestions or links where I can find useful information. This is my dbconfig code:

```php
<?php

$DB_host = "localhost";
$DB_user = "root";
$DB_pass = "ca@19";
$DB_name = "zack";


try
{
    $DB_con = new PDO("mysql:host={$DB_host};dbname={$DB_name}",$DB_user,$DB_pass);
    $DB_con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $e)
{
    echo $e->getMessage();
}

include_once 'clo.crud.php';

$crud = new crud($DB_con);

?>
```
bankias
  • Yes, connect to a database before trying to use the `mysql_real_escape_string` – RiggsFolly Dec 22 '15 at 14:59
  • That problem is because the database connection can't be made. Oh and `mysql_*` functions are deprecated from PHP 5.5, you should use `mysqli_*` alternatives. – Geoff Atkins Dec 22 '15 at 15:00
  • you're probably connecting with mysqli_ or PDO, who knows. Could be anything. Pass DB connection to the escape functions. – Funk Forty Niner Dec 22 '15 at 15:00
  • and this `if(isset($_SESSION['user'])!="")` will never work. It's invalid syntax. – Funk Forty Niner Dec 22 '15 at 15:01
  • Show us your `dbconfig.php` code – RiggsFolly Dec 22 '15 at 15:01
  • Please don't use the `mysql_` database extensions, it is deprecated (gone for ever in PHP7). Especially if you are just learning PHP, spend your energies learning the `PDO` or `mysqli_` database extensions, [and here is some help to decide which to use](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) – RiggsFolly Dec 22 '15 at 15:02
  • One point in your favour, **you have good instincts**. Stopping errors from being shown on the page is a **very bad and amateurish approach**. – RiggsFolly Dec 22 '15 at 15:05
  • *"all i want is to learn how to fix this issue or warnings, i'm getting these errors below"* - even if you get rid of the warnings, your code won't work, period... end of story. – Funk Forty Niner Dec 22 '15 at 15:09
  • @RiggsFolly I have added my connection code, thanks – bankias Dec 22 '15 at 16:08
  • You cannot connect to the database using the PDO extension and then attempt to use a function from a different `mysql_` extension. Stick to all PDO functions/methods. Also `mysql_` has now been removed from PHP7 – RiggsFolly Dec 22 '15 at 16:11

1 Answer

0

You're using PDO to connect to the database, but then trying to use ext/mysql (which is incompatible as well as being obsolete) to escape your data.

You need to pick one database API (PDO is a good choice) and stick to it.

This answer shows you how to escape data using PDO.

```php
$stmt = $pdo->prepare('SELECT * FROM employees WHERE name = :name');
$stmt->execute(array('name' => $name));
```
Quentin
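
The login lookup from the question, done entirely through PDO with a prepared statement as the answer recommends. This is an added example, not code from the question or from the answer's author: the in-memory SQLite database, the `findUserId` helper and the sample account are constructed so it runs without a MySQL server (it assumes `pdo_sqlite` is enabled), and `password_hash()`/`password_verify()` are swapped in for the question's `md5()` comparison.

```php
<?php
// Constructed stand-in for the question's $DB_con: an in-memory SQLite
// database, so the script runs offline. With MySQL only the DSN changes.
$DB_con = new PDO('sqlite::memory:');
$DB_con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$DB_con->exec(
    'CREATE TABLE users (user_id INTEGER PRIMARY KEY, email TEXT UNIQUE, password TEXT)'
);

// Constructed sample account. The stored value is a password_hash() digest,
// used here in place of the question's md5().
$seed = $DB_con->prepare('INSERT INTO users (email, password) VALUES (:email, :hash)');
$seed->execute([
    'email' => 'alice@example.test',
    'hash'  => password_hash('sample-passphrase', PASSWORD_DEFAULT),
]);

// Hypothetical helper: returns the user_id for valid credentials, else null.
function findUserId(PDO $db, string $email, string $password): ?int
{
    // The value is bound to :email and sent as data, so no escaping function
    // (and no second database extension) is involved.
    $stmt = $db->prepare('SELECT user_id, password FROM users WHERE email = :email');
    $stmt->execute(['email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() returns false when no row matches; check it before indexing,
    // which is the case behind the "boolean given" warning in the question.
    if ($row === false) {
        return null;
    }

    return password_verify($password, $row['password']) ? (int) $row['user_id'] : null;
}

// Constructed inputs: valid login, wrong password, and an email containing
// SQL metacharacters, which is matched literally and finds no row.
var_dump(findUserId($DB_con, 'alice@example.test', 'sample-passphrase'));
var_dump(findUserId($DB_con, 'alice@example.test', 'wrong-password'));
var_dump(findUserId($DB_con, "alice@example.test' OR '1'='1", 'anything'));
```

In the login page itself, the returned id would be stored in `$_SESSION['user']`, followed by the redirect and an `exit;` so the rest of the script does not run.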