Access denied for user 'epiz_31263592'@'192.168.0.64' (using password: YES)

jaikrishna.t · March 14, 2022, 11:30am

Umm, using mysqli_connect, only once in the code:

Greenreader9 · March 14, 2022, 1:46pm

You are right. If you remove that code, it will not work. @jaikrishna.t, where else it is connecting to the database?

The error actually lies on these two sections:


$mysqli=mysqli_connect('sql308.epizy.com','epiz_31263592','*****','epiz_31263592_listecourse');//'serveur','nom d'utilisateur','pass','nom de la table'
if(!$mysqli) {
	die("Erreur connection BDD: " . mysqli_connect_error());
	//Dans ce script, je pars du principe que les erreurs ne sont pas affichées sur le site, vous pouvez donc voir qu'elle erreur est survenue avec mysqli_error(), pour cela décommentez la ligne suivante:
	//echo "<br>Erreur retournée: ".mysqli_error($mysqli);
	exit(0);
}


$connection = connect_to_mysqli($mysqlserverhost, $username_mysql, $password_mysql, $database_name);
	$firstfield = mysqli_real_escape_string($connection, sanitize($_POST["firstfield"]));
	$secondfield = mysqli_real_escape_string($connection, sanitize($_POST["secondfield"]));
	$thirdfield = mysqli_real_escape_string($connection, sanitize($_POST["thirdfield"]));
	$fourthfield = mysqli_real_escape_string($connection, sanitize($_POST["fourthfield"]));	 
	$sql = "INSERT INTO table_form (dbfield1, dbfield2, dbfield3, dbfield4) VALUES ('$firstfield', '$secondfield', '$thirdfield', '$fourthfield')";
	if (mysqli_query($connection, $sql)) {

The first time, you store the connection as $mysqli. Then later, you connect again (This one fails, as those variables do not exist), and try to insert into the database using that second statement (the failing one).

I am not on a desktop, so I cannot test this, but try removing the top line of the second snippet (the one that begins with $connection), and change the last line of the second snippet to read the following:

if (mysqli_query($mysqli, $sql)) {

aurele2 · March 14, 2022, 5:08pm

<?php

	/*************************
	*  Page: espace-membre.php
	*  Page encodée en UTF-8
	**************************/

$mysqli=mysqli_connect('sql308.epizy.com','epiz_31263592','REMOVED','epiz_31263592_listecourse');//'serveur','nom d'utilisateur','pass','nom de la table'
if(!$mysqli) {
	die("Erreur connection BDD: " . mysqli_connect_error());
	//Dans ce script, je pars du principe que les erreurs ne sont pas affichées sur le site, vous pouvez donc voir qu'elle erreur est survenue avec mysqli_error(), pour cela décommentez la ligne suivante:
	echo "<br>Erreur retournée: ".mysqli_error($mysqli);
	exit(0);
}


// ------------------------- Do not modify code under this field -------------------------- //

if(isset($_POST["processform"])){
	$firstfield = mysqli_real_escape_string($connect, sanitize($_POST["firstfield"]));
	$secondfield = mysqli_real_escape_string($connect, sanitize($_POST["secondfield"]));
	$thirdfield = mysqli_real_escape_string($connect, sanitize($_POST["thirdfield"]));
	$fourthfield = mysqli_real_escape_string($connect, sanitize($_POST["fourthfield"]));	 
	$sql = "INSERT INTO table_form (dbfield1, dbfield2, dbfield3, dbfield4) VALUES ('$firstfield', '$secondfield', '$thirdfield', '$fourthfield')";
	if (mysqli_query($mysqli, $sql)) {
		  echo "<h2><font color=blue>New record added to database.</font></h2>";
	} else {
		  echo "Error: " . $sql . "<br>" . mysqli_error($connect);
	}
	mysqli_close($connect);
}

?>

I have a 500 error again i don’t understand why

jaikrishna.t · March 14, 2022, 5:21pm

Because $connect doesn’t exist, replace it with $mysqli or rename $mysqli with $connect, anything which suits you.

Greenreader9 · March 14, 2022, 5:22pm

Ok, I missed something else (Sorry, this time change thing has left me tired and confused). Replace every instance of $connect in your code with $mysqli.

Also, replace <form action="contact.php" method="post" name="Form" onsubmit="return validateForm()" id="form"> with <form action="" method="post" name="Form" onsubmit="return validateForm()" id="form">

aurele2 · March 14, 2022, 5:33pm

<?php include('menu.php'); ?>
<?php

	/*************************
	*  Page: espace-membre.php
	*  Page encodée en UTF-8
	**************************/

$mysqli=mysqli_connect('sql308.epizy.com','epiz_31263592','***','epiz_31263592_listecourse');//'serveur','nom d'utilisateur','pass','nom de la table'
if(!$mysqli) {
	die("Erreur connection BDD: " . mysqli_connect_error());
	//Dans ce script, je pars du principe que les erreurs ne sont pas affichées sur le site, vous pouvez donc voir qu'elle erreur est survenue avec mysqli_error(), pour cela décommentez la ligne suivante:
	echo "<br>Erreur retournée: ".mysqli_error($mysqli);
	exit(0);
}


// ------------------------- Do not modify code under this field -------------------------- //

if(isset($_POST["processform"])){
	$firstfield = mysqli_real_escape_string($mysqli, sanitize($_POST["firstfield"]));
	$secondfield = mysqli_real_escape_string($mysqli, sanitize($_POST["secondfield"]));
	$thirdfield = mysqli_real_escape_string($mysqli, sanitize($_POST["thirdfield"]));
	$fourthfield = mysqli_real_escape_string($mysqli, sanitize($_POST["fourthfield"]));	 
	$sql = "INSERT INTO table_form (dbfield1, dbfield2, dbfield3, dbfield4) VALUES ('$firstfield', '$secondfield', '$thirdfield', '$fourthfield')";
	if (mysqli_query($mysqli, $sql)) {
		  echo "<h2><font color=blue>New record added to database.</font></h2>";
	} else {
		  echo "Error: " . $sql . "<br>" . mysqli_error($mysqli);
	}
	mysqli_close($mysqli);
}

?>

<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<style>
p{
    text-align: right;
}
#box{
	width:955px;
	margin:20px auto;
	padding-top:20px;
	font-family: serif;
}
#form{
	border-radius:2px;
	padding:20px 30px;
	box-shadow:0 0 15px;
	font-size:14px;
	font-weight:bold;
	width:350px;
	margin:20px 250px 0 35px;
	float:left;
}
h3{
	text-align:center;
	font-size:20px;
}
input{
	width:100%;
	height:35px;
	margin-top:5px;
	margin-bottom: 20px;
	border:1px solid #999;
	border-radius:3px;
	padding:5px;
}
input[type=submit]{
	background-color:#ca1e1e;
	border:1px solid white;
	font-family: serif;
	font-Weight:bold;
	font-size:18px;
	color:white;
}
textarea{
	width:100%;
	height:80px;
	margin-top:5px;
	border-radius:3px;
	padding:5px;
}
span{
	color:red
}
.successMessage{
    background-color: #7acc7d;
    border: #2b5a2d 1px solid;
    padding: 5px 9px;
    color: #262b26;
    border-radius: 4px;
    cursor: pointer;
    font-size: 0.9em;
}
.errorMessage{
    background-color: #e64141;
    border: #da1414 1px solid;
    padding: 5px 10px;
    color: #fdf7f7;
    border-radius: 4px;
}
.info{
    font-size: 0.9em;
    color: #d67262;
    letter-spacing: 2px;
    padding-left: 5px;
}

</style>
<script type="text/javascript">
  function validateForm() {
    var a = document.forms["Form"]["firstfield"].value;
    var b = document.forms["Form"]["secondfield"].value;
    var c = document.forms["Form"]["thirdfield"].value;
    var d = document.forms["Form"]["fourthfield"].value;
    if (a == null || a == "", b == null || b == "", c == null || c == "", d == null || d == "") {
      alert("Please Fill All Required Field");
      return false;
    }
  }
  

</script>
</head>
<body>

<div id="box">
  <form action="" method="post" name="Form" onsubmit="return validateForm()" id="form"><p>* Champs Requis.</p>
  <input type="hidden" name="processform" value="1">
        <label for="field">* Nom:</label>
        <input type="text" id="field1" name="firstfield" placeholder="Value...">
        <label for="field">* Numéro de téléphone:</label>
        <input type="text" id="field2" name="secondfield" placeholder="Value...">
        <label for="field">* Adresse:</label>
        <input type="text" id="field3" name="thirdfield" placeholder="Value...">
        <label for="field">* Votre liste de course:</label>
        <textarea id="field4" name="fourthfield" placeholder="Value..."></textarea>
      <input type="submit" value="Submit">

  </form>
  
</ul>
</body>
</html>

same problem…

Greenreader9 · March 14, 2022, 5:35pm

Ok, I will test it for you, give me a seccond.

aurele2 · March 14, 2022, 5:37pm

Thanks very much

Greenreader9 · March 14, 2022, 5:59pm

For some reason, the following lines were causing the problem.

aurele2:

	$firstfield = mysqli_real_escape_string($mysqli, sanitize($_POST["firstfield"]));
	$secondfield = mysqli_real_escape_string($mysqli, sanitize($_POST["secondfield"]));
	$thirdfield = mysqli_real_escape_string($mysqli, sanitize($_POST["thirdfield"]));
	$fourthfield = mysqli_real_escape_string($mysqli, sanitize($_POST["fourthfield"]));

Replacing

mysqli_real_escape_string($mysqli, sanitize())

with

htmlspecialchars()

did the trick.

You can find the working code at: https://aurele-et-hugo-font-vos-courses.great-site.net/contact_testing.php

aurele2 · March 14, 2022, 6:07pm

oh thank very much thank thank thanks. you are the best

Admin · March 15, 2022, 2:52pm

Looking at the code, I can’t find any function sanitize in the official docs. So either it’s a custom function that’s not working or missing entirely.

But if you are going to be escaping variables, I strongly recommend to use escape functions suitable for the use case. So if you are using MySQLi and need to sanitize data, you should use mysqli_real_escape_string. htmlspecialchars is for safely encoding HTML, not database queries, and it’s possible that using it instead of mysqli_real_escape_string still leaves you vulnerable to SQL injection.

system · March 22, 2022, 2:53pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.