Troubleshooting php / sql login script

So, when I run this login script, I get the following error:

PHP Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in (...) on line 116.

I'm calling the database at the top of the script, and not getting any errors from PEAR... print_r($db) returns an object...

code follows:

<?php

function &db_connect() { 
  require_once 'DB.php'; 
  PEAR::setErrorHandling(PEAR_ERROR_DIE); 
  $db_host = 'internal-db.xxxxx.gridserver.com'; 
  $db_user = 'xxxxx'; 
  $db_pass = 'xxxx'; 
  $db_name = 'xxxxx_wedding2'; 
  $dsn = "mysqli://$db_user:$db_pass@$db_host/$db_name"; 
  $db = DB::connect($dsn); 
  $db->setFetchMode(DB_FETCHMODE_OBJECT); 
  return $db; 
}
$db = &db_connect();
if (DB::isError ($db))
     die ("Cannot connect: " . $db->getMessage () . "\n"); 

if (!isset($_SESSION['uid'])) {
  session_defaults();
}

function session_defaults() { 
  $_SESSION['logged'] = false; 
  $_SESSION['uid'] = 0; 
  $_SESSION['username'] = ''; 
  $_SESSION['cookie'] = 0; 
  $_SESSION['remember'] = false; 
}

class User {
  var $db = null; //PEAR::DB pointer
  var $failed = false; //failed login
  var $date;  //current date
  var $id = 0; //current users id

  function User(&$db) {   //is this the constructor?
    $this->db = $db;
    $this->date = $GLOBALS['date'];
    $this->role = $_SESSION['role'];
    if ($_SESSION['logged']) {
      $this->_check_Session();
    } elseif (!isset($_COOKIE['myLogin'])) {
      $this->_checkRemembered($_COOKIE['myLogin']);
    }

  }

   function _checkLogin($username, $password, $remember) {
    $username = $this->db->quote($username);  //uses PEAR::DB->quote method to sanitize input
    $password = $this->db->quote(md5($password)); // "  "
    $sql = "SELECT * FROM guest WHERE (username = $username) AND (password = $password)";
    $result = $this->db->getRow($sql);
    if (is_object($result)) {
      $this->_setSession($result, $remember);
      return true;
    } else {
      $this->failed = true;
      $this->_logout();
      print "Sorry, you have entered an invalid username or password!";
      return false;
    }
  }

  function _checkRemembered($cookie) {
    list($username, $cookie) = unserialize($cookie);
    if (!$username or !$cookie) return;
    $username = $this->db->quote($username);
    $cookie = $this->db->quote($cookie);
    $sql = "SELECT * FROM member WHERE (username = $username) AND (cookie = $cookie)";
    $result = $this->db->getRow($sql);
    if (is_object($result)) {
      $this->_setSession($result, true);    
    }  
  }

  function _setSession(&$values, $remember, $init = true) {
    $this->id = $values->id;
    $_SESSION['uid'] = $this->id;
    $_SESSION['username'] = htmlspecialchars($values->username);
    $_SESSION['cookie'] = $values->cookie;
    $_SESSION['logged'] = true;
    $_SESSION['role'] = $values->role;
    if ($remember) {
      $this->updateCookie($values->cookie, true);
    }
   /* if ($init) {
    $session = $this->db->quote($_SERVER['REMOTE_ADDR']);
    $sql = "UPDATE guest SET session = $session, ip = $ip WHERE id = $this->id";
    $this->db->query($sql);
    }*/
  }


  function updateCookie($cookie, $save) {
    $_SESSION['cookie'] = $cookie;
    if ($save) {
      $cookie = serialize(array($_SESSION['username'], $cookie));
      set_cookie;}
    }
  }

  function _logout() {
    session_defaults();
  }

  $date = time();
  $user = new User($db);
  $myusername = mysql_real_escape_string(stripslashes($_POST['myusername']));
  $mypassword = mysql_real_escape_string(stripslashes($_POST['mypassword'])); 
  $status  = $user->_checkLogin;
  print_r($status);

Any thoughts what I'm missing here? Is there a better way to troubleshoot my db connection?

Thanks in advance.

Answers


Please read mysql_real_escape_string() documentation. You should provide link to connection with mysql as 2nd argument.

Updated: if you want to store user's data to database, so why not use prepare() from PEAR::DB? It effectively protect you from SQL-injection.


Need Your Help

Best practice for empty javascript event (e.g. onclick=“javascript:;”)

javascript html

If you want an event or a link to an empty javascript call, there are several ways, of which I can think of:

converting JSON Structure to BasicDBObject

java mongodb

I want to convert the following json structure to BasicDBOject in java and insert into mongo db.

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.