解决mysql_real_escape_string()的最佳方法:不关闭警告通知

时间:2015-12-22 14:58:53

标签: php

为什么在我尝试登录我的页面时会出现这些警告 ??我试过浏览,大多数论坛建议关闭通知但我不认为它的好编程我想要的是学习如何解决这个问题或警告,我在下面得到这些错误

Warning: mysql_real_escape_string(): Access denied for user ''@'localhost' (using password: NO) in C:\xampp\htdocs\sot\sot.php on line 12

Warning: mysql_real_escape_string(): A link to the server could not be established in C:\xampp\htdocs\sot\sot.php on line 12

Warning: mysql_real_escape_string(): Access denied for user ''@'localhost' (using password: NO) in C:\xampp\htdocs\sot\soft.php on line 13

Warning: mysql_real_escape_string(): A link to the server could not be established in C:\xampp\htdocs\sot\sot.php on line 13

Warning: mysql_query(): Access denied for user ''@'localhost' (using password: NO) in C:\xampp\htdocs\soft\sot.php on line 14

Warning: mysql_query(): A link to the server could not be established in C:\xampp\htdocs\sot\sot.php on line 14

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\sot\sot.php on line 15

这是我的登录页面

<?php
session_start();
include_once 'dbconfig.php';

if(isset($_SESSION['user'])!="")
{
    header("Location: admin.php");
}

if(isset($_POST['btn-login']))
{
    $email = mysql_real_escape_string($_POST['email']);
    $upass = mysql_real_escape_string($_POST['pass']);
    $res=mysql_query("SELECT * FROM users WHERE email='$email'");
    $row=mysql_fetch_array($res);

    if($row['password']==md5($upass))
    {
        $_SESSION['user'] = $row['user_id'];
        header("Location: admin.php");
    }
    else
    {
        ?>
        <script>alert('wrong details');</script>
        <?php
    }

}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>ALEXORG</title>
<link rel="stylesheet" href="css/bootstrap.css" type="text/css" />
<link rel="stylesheet" href="style.css" type="text/css" />

</head>
<body id="login">
 <div class="container">

      <form class="form-signin" method="post">
        <h2 class="form-signin-heading text-center">Muligence 1.0</h2>
        <label for="inputEmail" class="sr-only">Email address</label>
        <input type="text" name="email" id="inputEmail" class="form-control" placeholder="Enter Your email" required autofocus>
        <label for="inputPassword" class="sr-only">Password</label>
        <input type="password"  name="pass"  id="inputPassword" class="form-control" placeholder="Password" required>
        <div class="checkbox">
          <label>
            <input type="checkbox" value="remember-me"> Remember me
          </label>
        </div>

        <button class="btn btn-lg btn-primary btn-block" type="submit" name="btn-login">Sign in</button>
        <a href="register.php">Sign Up Here</a>
      </form>

    </div> <!-- /container -->




<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
<script src="js/bootstrap.js"></script>

</body>
</html>

我是编程和php的新手,我想学习帮助建议或链接,我可以找到有用的信息 这是我的dbconfig代码

<?php

$DB_host = "localhost";
$DB_user = "root";
$DB_pass = "ca@19";
$DB_name = "zack";


try
{
    $DB_con = new PDO("mysql:host={$DB_host};dbname={$DB_name}",$DB_user,$DB_pass);
    $DB_con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $e)
{
    echo $e->getMessage();
}

include_once 'clo.crud.php';

$crud = new crud($DB_con);

?>

1 个答案:

答案 0 :(得分:0)

您正在使用PDO连接到数据库,但之后尝试使用ext / mysql(这是不兼容的以及obsolete)来转义数据。

您需要选择一个数据库API(PDO是一个不错的选择)并且坚持

This answer向您展示了如何使用PDO转义数据。

19900101