Html Form Submitted from
<?php
////////////////////////////////////////////////////////////////////////////////////
###### Require Database ###### ////////////////////////
require_once('src/cfg/dbi.php');
////////////////////////////////////////////////////////////////////////////////////
###### Call Session Functions Include ###### ////////////////////////
require_once('src/cfg/sess_function.php'); ////////////////////////
###### Call function as contained in sess_function() ###### //
session_set_save_handler('_open','_close','_read','_write','_destroy','_clean'); //
###### Start session ###### ////////////////////////////////////////////////////////
session_start(); ///////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////
#fullname, email, password
// Verify input was even provided
if (isset($_POST['fullname']) && isset($_POST['email']) && isset($_POST['password'])) {
// Clean Input
$userName = mysql_real_escape_string($_POST['fullname']);
$userEmailAddress = mysql_real_escape_string($_POST['email']);
$userPassword = mysql_real_escape_string($_POST['password']);
# hash cleaned pass...
$dynamSalt = mt_rand(20,9999);
$userPassword = hash('sha512',$dynamSalt.$userPassword);
# connect database, then prepare, and finally perform query…
#require_once('src/cfg/dbi.php');
try{
$dbh = new PDO("mysql:host=$host;dbname=$dbname",$user,$pass);
$dbh->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
// INSERT CLEAN DATA INTO TABLE…
$sth = $dbh->prepare("
INSERT INTO Fan(fanNm,fanEmail,fanPass,fanDynamSalt)
VALUES('$userName','$userEmailAddress','$userPassword','$dynamSalt')"
);
$sth->execute();
////////////////////////////////////////////////////////////////////
## Set Session Var for this PK ID in Fan table that is being created ##
////////////////////////////////////////////////////////////////////
$_SESSION['newUserSessID'] = $dbh->lastInsertId();
} //try
catch(PDOException $e){
#echo "Oops, We're experiencing an error.INSERTING NEW FAN";
file_put_contents('/PDODBConnectionErrors.txt', $e->getMessage(), FILE_APPEND);
} //catch
}
else{
// Redirect back to login form
header('Location: ../index.php');
//*SHOW ERRORS*//
}
The file dbi.php:
<?php
####### DB Config Setting #######
$host ='localhost'; //////////////
$dbname ='thedatabasesnamehere';//////////
$user ='theuser'; //////////////
$pass ='thepass'; //////////////
/////////////////////////////////
?>
session_function.php – contains 6 session functions
<?php
function _open()
{
try{
// Open the database
global $dbname, $host,$user,$pass;
$dbh = new PDO("mysql:host=$host;dbname=$dbname",$user,$pass);
$dbh->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
#echo "<DIV STYLE='COLOR:RED;'>"."CONNECTED!!"."</DIV>";
} //try
catch(PDOException $e){
#echo "Oops, We're experiencing an error CONNECTING.";
file_put_contents('PDODBConnectionErrors.txt', $e->getMessage(), FILE_APPEND);
} //catch
}
## Kill Connection to Mysql (Using PDO)
function _close(){
$dbh = null;
}
## Read a current session
function _read($id){
try{
// Open the database
global $dbname,$host,$user,$pass;
$dbh = new PDO("mysql:host=$host;dbname=$dbname",$user,$pass);
$dbh->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
// Begin Query
$id = mysql_real_escape_string($id);
$sth = $dbh->prepare("SELECT data FROM sessions WHERE id = '$id'");
$sth->execute();
}
catch(PDOException $e){
#echo "Oops, We're experiencing an error. READING";
file_put_contents('PDODBConnectionErrors.txt', $e->getMessage(), FILE_APPEND);
} //catch
## return '';
}
## + other functions
Getting these warnings/errors when I fill out the 4 html inputs… :
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'fannedup'@'localhost' (using password: NO) on line 30
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established on line 30
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at sess_function.php:30) in on line 12
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at sess_function.php:30) in on line 12
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'fannedup'@'localhost' (using password: NO) on line 21
Anyone see what I’m doing wrong?? It works perfect on a local machine.. but as soon as I bring it online, it gives me these errors. On the server I have PHP Version 5.2.17 and localhost is 5.3.1 ??
You're getting the error because you're trying to use mysql_real_escape_string without an active ext/mysql connection resource for the DB. This is because you're using PDO and so you have only established a PDO connection. The two families of functions are not interchangeable.
WRONG
CORRECT
OR you could use named placeholders:
With prepared statements the parameters in the query are escaped internally in the implementation; this is one of the big pluses to using them. If for some reason you DO need to manually escape string parts of a query then you need to use the PDO escaping function PDO::quote.
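
The placeholder approach described in the answer above, applied to the question's Fan insert and session lookup. This is an added example, not part of the original post or answer. It assumes an in-memory SQLite database in place of the MySQL server, the hypothetical helpers insertFan() and readSession(), and password_hash() instead of the question's sha512 hashing:

```php
<?php
// An in-memory SQLite database stands in for the MySQL server (assumption, so
// the script runs offline); the placeholder API is the same with a mysql: DSN.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE Fan (id INTEGER PRIMARY KEY AUTOINCREMENT,
    fanNm TEXT, fanEmail TEXT, fanPass TEXT)');
$dbh->exec('CREATE TABLE sessions (id TEXT PRIMARY KEY, data TEXT)');

// Named placeholders: values travel separately from the SQL text, so no
// mysql_real_escape_string() call (and no ext/mysql link) is involved.
function insertFan(PDO $dbh, $name, $email, $password)
{
    $sth = $dbh->prepare(
        'INSERT INTO Fan (fanNm, fanEmail, fanPass)
         VALUES (:name, :email, :pass)'
    );
    $sth->execute(array(
        ':name'  => $name,
        ':email' => $email,
        // Assumption: password_hash() (PHP >= 5.5) replaces the question's
        // sha512 + mt_rand salt; it generates and embeds its own salt.
        ':pass'  => password_hash($password, PASSWORD_DEFAULT),
    ));
    return (int) $dbh->lastInsertId();
}

// Positional placeholder for the session lookup done in _read().
function readSession(PDO $dbh, $id)
{
    $sth = $dbh->prepare('SELECT data FROM sessions WHERE id = ?');
    $sth->execute(array($id));
    $data = $sth->fetchColumn();
    return $data === false ? '' : $data; // a read handler must return a string
}

// Constructed sample input containing quote characters.
$newId = insertFan($dbh, "Conan O'Brien", 'conan@example.com', "pa'ss\"word");
$sth = $dbh->prepare('SELECT fanNm, fanPass FROM Fan WHERE id = ?');
$sth->execute(array($newId));
$row = $sth->fetch(PDO::FETCH_ASSOC);
var_dump($row['fanNm'] === "Conan O'Brien");               // name stored unmodified
var_dump(password_verify("pa'ss\"word", $row['fanPass'])); // hash matches input

$dbh->prepare('INSERT INTO sessions (id, data) VALUES (?, ?)')
    ->execute(array("abc'123", 'cart|i:1;'));
var_dump(readSession($dbh, "abc'123") === 'cart|i:1;');
```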