1

I don't think my code's the problem because it's working on my local server (EDIT: sorry if this was the wrong place to ask, but I can't move to ServerFault by myself). On the remote server, though, I can't get mysql_real_escape_string() to work. The database connection is working, and I'm connecting before calling the function.

When I try echo $_POST['email'];, I get the right data, but when I try echo mysql_real_escape_string($_POST['email']); I get nothing.

Here's I get when I leave error reporting on:

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: [2002] No such file or directory (trying to connect via unix://please_see_the_faq) in /f5/mysite/public/email_results.php on line 11

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: No such file or directory in /f5/mysite/public/email_results.php on line 11

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /f5/mysite/public/email_results.php on line 11

Is it possible that something with the PHP configuration is causing this? I'm hosting with NearlyFreeSpeech, if it matters.

Here's my insert code:

$db->query('INSERT INTO emails VALUES ("sampleemail@gmail.com")');

And here's how I'm connecting to the database:

@ $db = new mysqli('mysite.db', 'wizard', '(password)', 'mysite');
user460847
  • 1,578
  • 6
  • 25
  • 43
  • 15
    I stopped reading after: "I know my code's not the problem". – PeeHaa Mar 31 '12 at 18:47
  • 1
    Do you have a link to the database that is working? `mysql_real_escape_string` requires an active link. From your third warning, it looks like this is not the case. – Logan Serman Mar 31 '12 at 18:48
  • OK. Is there somewhere else I should ask about configuration issues? – user460847 Mar 31 '12 at 18:48
  • I'm pretty sure the link to the database is working because I can insert unescaped data just fine. – user460847 Mar 31 '12 at 18:49
  • Considering you have an error that says 'A link to the server could not be established', I don't think you have a link that is established. – Logan Serman Mar 31 '12 at 18:51
  • Alright, it looks like people are upset that this question isn't about code. Any way to move this to ServerFault? – user460847 Mar 31 '12 at 18:51
  • Huh. I'm wondering why it's letting me insert data if there's no link established. – user460847 Mar 31 '12 at 18:52
  • You may be establishing a link after you are using `mysql_real_escape_string`, but before you are inserting the data. – Logan Serman Mar 31 '12 at 18:54
  • I just moved the insert call above the mysql_real_escape_string() call. The insert's still working but mysql_real_escape_string() still isn't. – user460847 Mar 31 '12 at 18:59

2 Answers2

9

You see that first error...the one saying "trying to connect via unix://please_see_the_faq"? That means PHP is trying to connect to your MySQL server (the same as it would via mysql_connect with no params), but it doesn't have the correct params to connect. It doesn't even know where the database socket is.

If you're not connecting to the database using mysql_connect, then you shouldn't be using mysql_real_escape_string. If you do, then it'll try to connect to the database on its own, using the default params in php.ini (the results of which, you're currently seeing). It looks like you're using mysqli, which is a whole different extension, and has its own escape function -- mysqli_real_escape_string. Use that instead.

Or, get a clue and learn to use prepared statements as the gods intended.

cHao
  • 84,970
  • 20
  • 145
  • 172
  • I did read that, but I'm using what NearlyFreeSpeech recommends as the hostname, and inserting data to the database works. – user460847 Mar 31 '12 at 19:10
  • 1
    You probably shouldn't be using `mysql_real_escape_string` then -- it's meant to be used after a `mysql_connect` (not `mysqli_connect`, not `new PDO`, not any other stuff), or else it'll try to open the connection on its own using the default connection params in php.ini (which are almost certainly not what you want, and in fact are what's causing your current issue). – cHao Mar 31 '12 at 19:13
  • 1
    It'd be better if you used `mysqli_real_escape_string` (or even better, prepared statements) instead. All the mysql_* stuff is ancient and barely supported anymore, and should be forgotten about. – cHao Mar 31 '12 at 19:25
  • OK, I'm using mysqli_real_escape_string and it's working perfectly. Thanks! – user460847 Mar 31 '12 at 19:37
  • I'll look into prepared statements. – user460847 Mar 31 '12 at 19:39
2

I suppose that your insert code (which you hiding as though it's National Reserve) is using whatever else driver, not the plain mysql one.

That means you shouldn't use mysql_real_escape_string(), but some driver-specific escaping/binding function.

daniel__
  • 11,633
  • 15
  • 64
  • 91
Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
  • I added the insert code--not trying to hide it, just didn't realize it mattered. – user460847 Mar 31 '12 at 19:12
  • OK, I was wrong to assume that the connection was working just because I could insert data. I'll try to fix that. – user460847 Mar 31 '12 at 19:19
  • OK, I get it now. Sorry, I've never put anything on a remote server before. – user460847 Mar 31 '12 at 19:31
  • Also, I didn't see this part of your answer: "That means you shouldn't use mysql_real_escape_string(), but some driver-specific escaping/binding function" when I posted "OK, I was wrong to assume that the connection was working just because I could insert data. I'll try to fix that." Just hadn't refreshed the page, and that part was an edit. I do read your answers; no need to assume the worst. – user460847 Mar 31 '12 at 19:33
  • @YourCommonSense, I certainly hope _my_ common sense is not this rude. – jb. Mar 31 '12 at 20:41
  • @jb.: It more than likely is. Wait til you do something utterly stupid and see if you don't beat yourself up over it. :) – cHao Apr 01 '12 at 01:52