|
From: SourceForge.net <no...@so...> - 2007-10-07 18:55:01
|
Bugs item #1743279, was opened at 2007-06-26 03:36 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1743279&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Database Group: None >Status: Closed >Resolution: Fixed Priority: 5 Private: No Submitted By: chnad (chnad) Assigned to: Nobody/Anonymous (nobody) Summary: mysql_real_escape_string() is called w/o db_connection Initial Comment: without magic_quotes_gpc, mysql_real_escape_string() is called but it is not checked if a database connection exists / no connection is made. It generates a warning like: PHP Warning: mysql_real_escape_string() [<a href='function.mysql-real-escape-string'>function.mysql-real-escape-string</a>]: Access denied for user 'apache'@'localhost' (using password: NO) in /var/www/html/padm/functions.inc.php on line 131, referer: http://host/padm/login.php a database connection is probaby needed for mysqli and pgsql as well, so a db_connect() call in the if (get_magic_quotes_gpc () == 0) {} block is probably the right fix. ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2007-10-07 20:55 Message: Logged In: YES user_id=593261 Originator: NO This seems to be fixed in the latest SVN version. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2007-07-30 12:41 Message: Logged In: NO Had the same Problem, PHP4.4 MySQL 5.0, tried the same fix, worked for me. Greets Peter ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2007-07-23 13:21 Message: Logged In: NO Fast workaround for this, add the following line on line 130: $link = db_connect (); The function "escape_string" looks after the fix so: 122 // escape_string 123 // Action: Escape a string 124 // Call: escape_string (string string) 125 // 126 function escape_string ($string) 127 { 128 global $CONF; 129 130 $link = db_connect (); 131 132 if (get_magic_quotes_gpc () == 0) 133 { 134 if ($CONF['database_type'] == "mysql") $escaped_string = mysql_real_escape_string ($string); 135 if ($CONF['database_type'] == "mysqli") $escaped_string = mysqli_real_escape_string ($string); 136 if ($CONF['database_type'] == "pgsql") $escaped_string = pg_escape_string ($string); 137 } 138 else 139 { 140 $escaped_string = $string; 141 } 142 return $escaped_string; 143 } This works for me. Hf, Jens ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1743279&group_id=191583 |
