Got code like:
<?php
require_once("../classes/pdo.class.php");
$db = new mysql();
$db->connect();

class votingpanel{
    public function logintopanel($username, $password){
        //Login data + token
        $login = mysql_real_escape_string($username);
        $password = mysql_real_escape_string($password);
        $sql = $db->prepare("SELECT * FROM xxx WHERE username = '$login'");
        $sql = $db->exec($sql);
        if($sql == 1){
            $password = sha1($password);
            $sql = $db->prepare("SELECT * FROM xxx WHERE username = '$login'");
            $sql = $db->exec($sql);
            $row = $sql->fetch();
            if($row['password'] == $password and $row['toplistadmin'] == 1){
                $_SESSION['toplist_admin'] = 1;
                $_SESSION['toplist_adminloged'] = 1;
            }
            else{
                return false;
            }
        }
        else{
            return false;
        }
    }
}
?>
The pdo class looks like:
<?php
require_once("../konfiguracja.php");

class mysql{
    public function connect(){
        try {
            $conn = new PDO('mysql:host=xxx;dbname=xxx', 'xxx', 'xxx');
            $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        } catch(PDOException $e) {
            echo 'ERROR: ' . $e->getMessage();
        }
    }
}
?>
And in return I get these errors:
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'radiolev'@'localhost' (using password: NO) in /home/radiolev/public_html/top/toplist.class.php on line 10
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/radiolev/public_html/top/toplist.class.php on line 10
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'radiolev'@'localhost' (using password: NO) in /home/radiolev/public_html/top/toplist.class.php on line 11
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/radiolev/public_html/top/toplist.class.php on line 11
Fatal error: Call to a member function prepare() on a non-object in /home/radiolev/public_html/top/toplist.class.php on line 13
I don't understand why it appears, because the mysql passwords are good. I tried them with a normal mysql_connect and it worked, but I still don't know why it appears here in PDO ;s
You shouldn't try to use mysql_real_escape_string() with PDO – it's not in the PDO library (it's in the old and nasty mysql library) and uses a different (global – blah) connection to the DB. First, get rid of the 2 lines with the mysql_real_escape_string() calls.
Second, you're using prepared statements, so BIND your values – it's easy! Just replace the variable with a placeholder that starts with a colon, without manually quoting it. Then call bindValue(), which is a method of your newly created PDOStatement (created by $db->prepare()). Finally, call execute on the statement. This will safely escape the $login variable and protect it from injection on the mysql server side.
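The login lookup from the question rewritten with a bound placeholder, as an added example that is not code from the question or the answer. It keeps the placeholder DSN, credentials, table name and column names from the posted code. It also assumes the PDO handle is returned from the connect routine and passed into the class, because the posted connect() assigns $conn to a local variable and never stores it, and the global $db is not visible inside a method, which is what the "Call to a member function prepare() on a non-object" fatal error reports:

```php
<?php
// Added example, not code from the question or the answer.
// DSN, credentials and table/column names are placeholders copied from the posted code.

function connectToDatabase(): PDO
{
    // Return the handle: the posted connect() creates $conn and then discards it.
    $conn = new PDO('mysql:host=xxx;dbname=xxx', 'xxx', 'xxx');
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Use server-side prepared statements rather than client-side emulation,
    // so the SQL text and the bound values really travel separately.
    $conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    return $conn;
}

class VotingPanel
{
    private PDO $db;

    // The question's method refers to a global $db, which is out of scope
    // inside the method. Hand the connection in through the constructor.
    public function __construct(PDO $db)
    {
        $this->db = $db;
    }

    public function loginToPanel(string $username, string $password): bool
    {
        // :username is a placeholder; the value is bound below and never
        // spliced into the SQL string, so no manual quoting or
        // mysql_real_escape_string() is needed.
        $stmt = $this->db->prepare(
            'SELECT password, toplistadmin FROM xxx WHERE username = :username LIMIT 1'
        );
        $stmt->bindValue(':username', $username, PDO::PARAM_STR);
        $stmt->execute();

        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            return false; // no such user
        }

        // The question compares sha1() hashes with ==; hash_equals() performs the
        // same string comparison without PHP's loose-comparison surprises.
        if (!hash_equals($row['password'], sha1($password))) {
            return false;
        }
        if ((int) $row['toplistadmin'] !== 1) {
            return false;
        }

        $_SESSION['toplist_admin'] = 1;
        $_SESSION['toplist_adminloged'] = 1;
        return true;
    }
}

// Usage: session_start() must run before anything is written to $_SESSION.
session_start();
$panel = new VotingPanel(connectToDatabase());
var_dump($panel->loginToPanel($_POST['username'] ?? '', $_POST['password'] ?? ''));
```

The two lookups in the question collapse into one query because the row fetched for the password check already tells you whether the user exists. The sha1() scheme is kept unchanged so that hashes already stored in the table still match; hash_equals() replaces == only because PHP's loose comparison treats some numeric-looking strings as equal when they are not byte-for-byte identical.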