Skip to content

How to Resolve Warning: mysql_real_escape_string(): Access denied

  • by
When you deploy PHP programs to a higher version of PHP engine, you might see errors in the run-time like this:
Warning: mysql_real_escape_string(): Access denied for user 'root'@'localhost' (using password: NO) in /var/www/html/index.php on line 57
Warning: mysql_real_escape_string(): A link to the server could not be established in /var/www/html/index.php on line 57

Actually, mysql_real_escape_string() not a pure PHP function, it calls back to MySQL's Library. Therefore, you need a underlying connection to MySQL before calling this function. The PHP manual shows a good example on this:
// Connect
$link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')
    OR die(mysql_error());

// Query
$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",

Please refer to the official document for more information: PHP: mysql_real_escape_string - Manual. In which, a warning about this function is also in the document:
This extension is deprecated as of PHP 5.5.0, and will be removed in the future.
Therefore, you should try not to use this function in the programs, because PDO provides the functionality of parameter-bindings which is able to escape special characters automatically.

Leave a Reply

Your email address will not be published.