2014-10-19 216 views
-1

我在登錄php和SQL時遇到了一些問題登錄和註冊MySql Issuse

這是顯示的錯誤;

Warning: mysql_real_escape_string(): Access denied for user ''@'web83.local.one.com' (using password: NO) in /customers/2/2/3/srbportal.com/httpd.www/core/functions/general.php on line 3 Warning: mysql_real_escape_string(): A link to the server could not be established in /customers/2/2/3/srbportal.com/httpd.www/core/functions/general.php on line 3 Warning: mysql_query(): Access denied for user ''@'web83.local.one.com' (using password: NO) in /customers/2/2/3/srbportal.com/httpd.www/core/functions/users.php on line 4 Warning: mysql_query(): A link to the server could not be established in /customers/2/2/3/srbportal.com/httpd.www/core/functions/users.php on line 4 Warning: mysql_result() expects parameter 1 to be resource, boolean given in /customers/2/2/3/srbportal.com/httpd.www/core/functions/users.php on line 4 

General.php:

<?php 
function sanitize($data) { 
    return htmlentities(strip_tags(mysql_real_escape_string($data))); 
} 
?> 

users.php

<?php 
function user_exists($username) { 
    $username = sanitize($username); 
    return (mysql_result(mysqli_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` =  '$username'"), 0) == 1) ? true : false; 
} 

function user_active($username) { 
    $username = sanitize($username); 
    return (mysqli_result(mysqli_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND active = 1"), 0) == 1) ? true : false; 
} 

function user_id_from_username($username) { 
    $username = sanitize($username); 
    return mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '$username'"), 0, 'user_id'); 
} 

function login($username, $password) { 
    $user_id = user_id_from_username($username); 

    $username = sanitize($username); 
    $password = md5($password); 

    return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'"), 0) == 1) ? $user_id : false; 
} 
?> 

任何幫助將是驚人的!

+1

停止消毒輸入inputs.It將是一個很好的做法,使用參數化查詢代替。而在此時請不要使用md5作爲密碼,而是使用bcrypt或pbkdf2。 – JimL 2014-10-19 12:34:01

+0

你*看過*錯誤信息嗎?連接到數據庫時,您需要提供有效的登錄憑據。這似乎是你的連接代碼(沒有在問題中顯示)沒有這樣做。 – David 2014-10-19 12:39:04

+0

使用您能想到的所有功能並不是「清理」字符串的正確方法。 – arkascha 2014-10-19 12:41:11

回答

0

Access denied for user ''@'web83.local.one.com'

您正在試圖登錄不指定任何MySQL用戶。

,並嘗試使用PDO,MySQL是過時

0

您可以使用參數化查詢,而不是消毒,如果你使用bcrypt代替md5