Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'a8221325'@'localhost' (using password: NO)

Question

Hi for some reason I am not aware of I keep receiving the following errors:

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'a8221325'@'localhost' (using password: NO) in /home/a8221325/public_html/add.php on line 11

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/a8221325/public_html/add.php on line 11

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'a8221325'@'localhost' (using password: NO) in /home/a8221325/public_html/add.php on line 12

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/a8221325/public_html/add.php on line 12

From the research I've done I feel like the problem is in the way I connect to my database, but I'm not entirely sure. If someone could help me get my code to work it'd be awesome! So far my site consists of two pages, test and add here is their code:

test.html:

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>

<body>
<form action="add.php" method="post" name="form1" id="form1">
  <label for="name">Text Field:</label>
  <input type="text" name="name" id="name">
  <label for="password">Text Field:</label>
  <input type="text" name="password" id="password">
  <input type="submit" name="submit" id="submit" value="Submit">
</form>
</body>
</html>

add.php:

<?php
$con=mysqli_connect("mysql1.000webhost.com","a8221325_admin","**************","a8221325_prom");

// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

$escapedName = mysql_real_escape_string($_POST['name']); # use whatever escaping function your db requires this is very important.
$escapedPW = mysql_real_escape_string($_POST['password']);

# generate a random salt to use for this account
$salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));

$saltedPW =  $escapedPW . $salt;

$hashedPW = hash('sha256', $saltedPW);

$query = "insert into user (name, password, salt) values ('$escapedName', '$hashedPW', '$salt'); ";
?>

Thank you!

Answer 1

You are using the mysqli extension to create the database connection.

Then you are using an entirely different extension named "mysql" (note the missing "i" at the end) to escape.

Escaping needs an existing mysql connection. If non exists, it will be created implicitly with default values. Doing this fails.

But it does not point you into the correct direction: You have to use the escaping functions from the extension you create the connection with. Which is mysqli_real_escape_string (note the added "i" after "mysql").

General disclaimers:

When using MySQLI, use prepared statements to get rid of escaping strings.

Don't use fast hash functions to hash passwords. Include this library that implements the PHP5.5 functions for password hashing: https://github.com/ircmaxell/password_compat