警告:mysql_real_escape_string():用户"@'localhost"的访问被拒绝(使用密码:NO) [英] Warning: mysql_real_escape_string(): Access denied for user ''@'localhost' (using password: NO)

查看:95
本文介绍了警告:mysql_real_escape_string():用户"@'localhost"的访问被拒绝(使用密码:NO)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

在不使用mysql_real_escape_string的情况下使用以下代码时,效果很好.我只是试图抓住一个可能带有撇号的文本字符串.从输入表单并将其格式化以放入mysql表中.

When is use the following code without mysql_real_escape_string, works fine. I simply trying to grab a text string that may have apost. from an input form and format it to put in mysql table. 

    <?php
    $filenamee = $_FILES["file"]["name"];
    $filename =strval($filenamee);
    echo "file name is".$filename;

     $con=mysqli_connect("localhost","blasbott_admin","lubu1973","blasbott_upload");
     // Check connection
     if (mysqli_connect_errno())
       {
   echo "Failed to connect to MySQL: " . mysqli_connect_error();
   }
 $companyName = mysql_real_escape_string($_POST['companyName']);
// $companyName = mysql_real_escape_string($companyNamee);
 //$companyName = mysql_real_escape_string($companyNamee);

$sql="INSERT INTO ads (companyName, webSite, picture)
 VALUES ('$companyName','$_POST[webSite]','$filename')";

if (!mysqli_query($con,$sql))
   {
   die('Error: ' . mysqli_error($con));
   }
   echo"<br>";
 echo "1 record added";

mysqli_close($con);
 ?>

推荐答案

您有遭受MySQL注入的风险.切勿先将数据直接插入数据库,而无需先进行某种类型的投影.这是主要的安全风险.也请改用mysqli_real_escape_string,并注意您的$ _POST [webSite]未受保护.

You're at risk of MySQL injections. Never insert data directly to a database without some sort of projection first. It's a major security risk. Also use mysqli_real_escape_string instead, and note that your $_POST[webSite] is unprotected.

此外,您的错误意味着您的数据库详细信息不正确.

Also, your error means that your database details are not correct.

这篇关于警告:mysql_real_escape_string():用户"@'localhost"的访问被拒绝(使用密码:NO)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
PHP最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆