Jump to content
  • 0
Sign in to follow this  
spiros

mysql_real_escape_string(): Access denied

Question

I tried to Enter something in a legacy Extension and I got:

Warning: mysql_real_escape_string(): Access denied for user ''@'localhost' (using password: NO) 

Then I changed all instances to

mysqli_real_escape_string

And retried. At that point I got:

mysqli_real_escape_string() expects exactly 2 parameters, 1 given on line 235

Here is the function:

function Lookup_addLookup ($url, $name, $group)
{
    $dbw = wfGetDB(DB_MASTER);

    $groupOrder = Lookup_getGroupOrder($group);
    $dbw->query ("INSERT INTO ".Lookup_prefix()."lookups (lu_name, lu_url, lu_group, lu_order, lu_group_order) VALUES ('".mysqli_real_escape_string($name)."', '".mysqli_real_escape_string($url)."', '".mysqli_real_escape_string($group)."', 1, $groupOrder)");

    Lookup_reOrderGroups();
    return true;
}

 

Edited by spiros (see edit history)

Share this post


Link to post
Share on other sites

5 answers to this question

Recommended Posts

  • 0

Never use the raw query() function, use the insert() wrapper instead which properly escapes everything, handles db prefixes, etc. for you. (or the select() wrapper for SELECT queries, or the update() wrapper for UPDATE queries, etc.)

Share this post


Link to post
Share on other sites
  • 0

Right, thanks to both of you. How should that snippet be edited so that it is compatible with the most recent php versions? Pardon my ignorance.

Share this post


Link to post
Share on other sites
  • 0

It'd look like

$dbw->insert( 'lookups', [
	'lu_name' => $name,
	'lu_url' => $url,
	'lu_group' => $group,
	'lu_order' => 1,
	'lu_group_order' => $groupOrder
] );

 

Share this post


Link to post
Share on other sites
  • 0

Thank you so much. That gave me:

Quote

Notice: Use of undefined constant  - assumed '' in... on line 234
Notice: Undefined variable: dbw in... on line 234
Fatal error: Call to undefined function insert() in... on line 234

Line 234 is where the snippet provided starts ($dbw - >insert...):

function Lookup_addLookup ($url, $name, $group)
{
	$dbw = wfGetDB(DB_MASTER);

	$dbw->insert( 'lookups', [
	'lu_name' => $name,
	'lu_url' => $url,
	'lu_group' => $group,
	'lu_order' => 1,
	'lu_group_order' => $groupOrder
	] );

	Lookup_reOrderGroups();
	return true;
}

 

Edited by spiros (see edit history)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.