mysql_real_escape_string is not working in cakephp

Question

mysql_real_escape_string is not working in cakephp . I am getting error like below . mysql_real_escape_string(): Access denied for user 'root'@'localhost' (using password: NO) [APP/Controller/add.php, line 123] database connection:

  <?php

    class DATABASE_CONFIG {

        public $default = array(
            'datasource' => 'Database/Mysql',
            'persistent' => false,
            'host' => 'localhost',
            'login' => 'xyz',
            'password' => 'password',
            'database' => 'xyz',
            'prefix' => '',
            //'encoding' => 'utf8',
        );

        public $test = array(
            'datasource' => 'Database/Mysql',
            'persistent' => false,
            'host' => 'localhost',
            'login' => 'xyz',
            'password' => 'password',
            'database' => 'xyz',
            'prefix' => '',
            //'encoding' => 'utf8',
        );
    }
     ?>




 <?php 
          $price1=implode("'~'",array_map('mysql_real_escape_string',$this->request->data['iupdate']['price']));
    ?>

localhost its working fine but in server getting an error .

$name1=implode("'~'",($this->request->data['update']['name'])); — svwsvw svwsvw, May 06 '15 at 10:41
yes in localhost its working fine but in server its not working . showing an error .. thats also only where i written code mysql_real_escape_string part . — svwsvw svwsvw, May 06 '15 at 10:56
Cake will deal with the escaping for you. You really should read up on Models in Cake (http://book.cakephp.org/2.0/en/models.html) as it seems you're not familiar with how saving and retrieving data works. — drmonkeyninja, May 06 '15 at 11:51

score 2 · Accepted Answer · answered May 06 '15 at 11:05

2

I don't know cake php, but IMHO, you just cannot use mysql_real_escape_string, because:

firstly, it is deprecated.

This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used.
secondly, according to php doc :

The MySQL connection. If the link identifier is not specified, the last link opened by mysql_connect() is assumed. If no such link is found, it will try to create one as if mysql_connect() was called with no arguments.

So, you are trying to connect to your production server via the values set in the php.ini and of course, you cannot connect with root privileges for security reasons.

As I told you: I don't know cakePHP, but I am pretty sure, there is a function to escape the strings, or -better- the strings are automatically escaped using a PDO prepare statement

answered May 06 '15 at 11:05

n00dl3

21,213
7
66
76

1

CakePHP has a ORM that completely takes care of that. I don't even know why he tries to use that function, it's totally against the idea of almost every framework that comes with a ORM or other kind of DB abstraction layer. – floriank May 06 '15 at 12:15
@burzum Is there any equivalent to mysql_real_escape_string to be used in CakePHP, I need to filter data so that it can be passed forward to a curl request? I am using 3.1 version, I guess will have to use the Sanitize library. – Deepanshu Goyal Mar 30 '16 at 04:35
Read the php manual about mysql_real_escape_string and Google for that function name. You're *years* behind, it's deprecated and shouldn't be used any more. – floriank Mar 30 '16 at 06:53

score 1 · Answer 2 · answered May 18 '15 at 14:11

1

If you found this during installing cakephp 2.0 and more then replace 'login' => 'xyz', with 'username' => 'xyz'.

Simple trick solves it all.

answered May 18 '15 at 14:11

saqib055

11
3

mysql_real_escape_string is not working in cakephp

2 Answers2