20i Reseller Hosting

Database connection error after converting old script

Discussion in 'Website Design' started by DomainAngel, Feb 12, 2018.

  1. DomainAngel

    DomainAngel Active Member Acorn Supporter

    Joined:
    Sep 2006
    Posts:
    935
    Likes Received:
    21
    ......................
     
    Last edited: Feb 15, 2018 at 10:26 PM
  2. Domain Forum

    Acorn Domains Elite Member

    Joined:
    1999
    Messages:
    Many
    Likes Received:
    Lots
     
  3. RobM

    RobM Well-Known Member Exclusive Member

    Joined:
    Mar 2012
    Posts:
    1,847
    Likes Received:
    169
    I assume config.php contains definitions for _HOST, _USERNAME, _PASSWORD, and _DATABASE and they haven't changed?
    The error is very explanatory in that either the _DATABASE doesn't exist or has changed name or the _USERNAME can't be applied to it.
    Also I hate people using select_db with mysqli.
    You can change the two lines:

    mysqli_connect(_HOST, _USERNAME, _PASSWORD) or die('Could not connect: ' . mysqli_error($link));
    mysqli_select_db($link, _DATABASE) or die('Could not select database');

    into

    $link=mysqli_connect(_HOST, _USERNAME, _PASSWORD,_DATABASE) or die('Could not connect: ' . mysqli_error());

    because mysqli_connect can take 4 parameters. Not a major thing (and not the cause of your bug) but just neater and quicker.
     
    Last edited: Feb 12, 2018
  4. davedevelopment

    davedevelopment Well-Known Member

    Joined:
    May 2009
    Posts:
    1,175
    Likes Received:
    42
    I'd seriously consider getting that script checked out by a professional before leaving it running, it looks vulnerable to something called SQL injection. Especially as you've now pasted the code on a forum.
     
  5. DomainAngel

    DomainAngel Active Member Acorn Supporter

    Joined:
    Sep 2006
    Posts:
    935
    Likes Received:
    21
    Thanks Dave,

    I've advertised for a new build but no takers as yet which is why I dug out this old mysql one

    Anyone on Acorn who wants to quote send me a pm
     
  6. DomainAngel

    DomainAngel Active Member Acorn Supporter

    Joined:
    Sep 2006
    Posts:
    935
    Likes Received:
    21
    Ah I have just seen Robs also, thanks Rob, yes config ok and yes its very poorly written. I think from the comments its to the bin with it :)
     
  7. RobM

    RobM Well-Known Member Exclusive Member

    Joined:
    Mar 2012
    Posts:
    1,847
    Likes Received:
    169
    Well you can sanitise the input easy enough by enclosing anything that the user can input within mysqli_real_escape_string([database],[statement])
    Change the line from:
    $_sql = 'SELECT * FROM users WHERE user_login=\'' . $user_login . '\' and user_pass=\'' . $user_pass . '\' and user_status=1';

    to

    $_sql = "SELECT * FROM users WHERE user_login='" .mysqli_real_escape_string($link,$user_login) . "' and user_pass="' . mysqli_real_escape_string($link,$user_pass) .'" and user_status=1";

    and move it to the line after my suggestion:

    $link=mysqli_connect(_HOST, _USERNAME, _PASSWORD,_DATABASE) or die('Could not connect: ' . mysqli_error());

    However that still doesn't address your problem. I would like to see the contents of the config file. If that's all ok then are you sure the database it's looking for exists on the server you're on?
     
  8. DomainAngel

    DomainAngel Active Member Acorn Supporter

    Joined:
    Sep 2006
    Posts:
    935
    Likes Received:
    21
    Wound it back and connects fine. Still don't know why it wouldn't connect though with updated code but due to injection mentioned above its for the bin.