stfc2 / UI

User Interface
http://www.stfc.it

Notepad doesn't save inserted data #11

Closed Caberhagen closed 9 years ago

Caberhagen commented 9 years ago

Hi

I found a problem with the notepad. The inserted text is not saved.

I found an output:

PHP Warning: mysql_real_escape_string(): Access denied for user 'www-data'@'localhost' (using password: NO) in /var/www/game/submit_notepad.php

So the game tries to use not the game DB from config inc., and with the Apache user without a password.

How do I change it to the game DB?

kirirur commented 9 years ago

Hello,

This sounds really strange to me. However, I've found another problem in the game source code; these files:

are still using the deprecated MySQL extension instead of the supported MySQLi.

I've tried the notepad on a test machine with MySQL 5.6.21 and PHP 5.4.34, but it saves the inserted data correctly. I'll try to perform other tests on another machine in the next few days.

For sure it's necessary to replace the deprecated function mysql_real_escape_string with the new mysqli_real_escape_string in the listed files.

kirirur commented 9 years ago

While reading the mysql_real_escape_string online help, I'm wondering how it can work on my test machine:

string mysql_real_escape_string ( string $unescaped_string [, resource $link_identifier = NULL ] )

"link_identifier The MySQL connection. If the link identifier is not specified, the last link opened by mysql_connect() is assumed. If no such link is found, it will try to create one as if mysql_connect() was called with no arguments. If no connection is found or established, an E_WARNING level error is generated."

The function is called everywhere with the link_identifier parameter missing, so it should raise an E_WARNING (as it's doing on your server), because there shouldn't exist a connection created with mysql_connect.

Try to add this function in file game/include/sql.php

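// Method of the database class in game/include/sql.php:
// escapes against the class's own open mysqli link ($this->link_id).
function escape_string($string)
{
    return mysqli_real_escape_string($this->link_id, $string);
}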

and call it in submit_notepad.php in place of mysql_real_escape_string:

$sql = 'UPDATE user
        SET user_notepad = "'.$db->escape_string($_POST['user_notepad']).'"
        WHERE user_id = '.$game->player['user_id']; 

Let me know if it works.
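
An added example, not part of this thread or of the stfc2 code base: a minimal mysqli wrapper that keeps the escape helper proposed above and also shows the same notepad UPDATE as a prepared statement. The class name NotepadDb, its constructor parameters, the save_notepad method and the utf8mb4 charset are assumptions; the table and column names are taken from the query above.

```php
<?php
// Added illustration; NotepadDb and save_notepad are hypothetical names,
// not taken from game/include/sql.php.

// Turn mysqli errors into exceptions instead of warnings that only reach the log.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

class NotepadDb
{
    /** @var mysqli */
    private $link_id;

    public function __construct($host, $user, $password, $database)
    {
        // One explicit connection with the game's own credentials. Nothing
        // below can fall back to an implicit login as the web server account.
        $this->link_id = new mysqli($host, $user, $password, $database);

        // Escaping is charset-aware, so set the connection charset up front.
        // utf8mb4 is an assumption; use the charset of the game database.
        $this->link_id->set_charset('utf8mb4');
    }

    // Escape against this connection, as in the fix proposed above.
    public function escape_string($string)
    {
        return mysqli_real_escape_string($this->link_id, $string);
    }

    // The same UPDATE with bound parameters: no string concatenation,
    // and the user id is sent to the server as an integer.
    public function save_notepad($user_id, $text)
    {
        $stmt = $this->link_id->prepare(
            'UPDATE user SET user_notepad = ? WHERE user_id = ?'
        );
        $stmt->bind_param('si', $text, $user_id);
        $stmt->execute();
        $affected = $stmt->affected_rows; // 0 when the stored text is unchanged
        $stmt->close();
        return $affected;
    }
}
```

With MYSQLI_REPORT_STRICT set, a failed connection throws mysqli_sql_exception rather than producing the E_WARNING quoted in the report.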

Caberhagen commented 9 years ago

Hi

I tried your fix from the last post. Nice thing, the notepad is now able to save data. And a special thing: in the notepad, ä ö ü can be saved.

kirirur commented 9 years ago

Hello,

that sounds good!

I'll fix all the other files in the next few days.

By the way: which version of PHP do you use?

Caberhagen commented 9 years ago

Hi

I have version 5.5.40-0+wheezy1

Caberhagen commented 9 years ago

Hi

I have added all your files from the latest commit to my branch. Now the stats page in the game and on the home page has a fatal error:

PHP Fatal error: Call to a member function queryrow() on a non-object in /var/www/pages/stats.php on line 220, referer: https://stfc.mining-pools.ch/game/index.php?a=ship_template
PHP Fatal error: Call to a member function queryrow() on a non-object in /var/www/pages/stats.php on line 220, referer: https://stfc.mining-pools.ch/index.php

kirirur commented 9 years ago

Hi,

Did you remember to comment out the second galaxy queries?

Caberhagen commented 9 years ago

Oh god. OK, I know. My fault. Mhhh