Saturday, October 3, 2009

mysql_real_escape_string

I got this weird message in a PHP code where I wanted to escape input before putting it in a query:
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'XXX'@'localhost' (using password: NO) in XXX on line 7


Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in XXX on line 7
It seems that this function needs a database connection to be opened in order to work. The reason is, that it must know the character set of the database in order to protect from SQL Injection.

No comments:

Post a Comment