PHP security

[attasz]

Hy! I found this code:

PHP Code:

function cleaninput($clean){
        $clean = trim($clean);
        $clean = htmlentities($clean);
       
        if (get_magic_quotes_gpc() == 0){
                $clean = mysql_real_escape_string($clean);
        }else{
                $clean = mysql_real_escape_string(stripslashes($clean));
        }
       
        return $clean;
}


$username = cleaninput($_POST['username']);
$password = cleaninput($_POST['password']);

?> 


As far as i'm familiar with PHP it seems good.However if i try to use it in my script i get this:

Quote:

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'SYSTEM'@'localhost' (using password: NO) in K:\wamp\www\gyakorlo\reg.php on line 5

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in K:\wamp\www\gyakorlo\reg.php on line 5

Despite this the INSERT query is done,but i get empty fields in the database.
if i don't use this function everything is all right,I don't get what is the problem,can somebody help me?

[abduraooft]

Quote:

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in K:\wamp\www\gyakorlo\reg.php on line 5

A connection to your DB need to be established, before calling that function. (Check the manual)

[attasz]

Thx,it works now,i had a hard hour with it earlier...
One more question:is it proper defense against mysql injection and other dirty things?

[abduraooft]

Quote:

One more question:is it proper defense against mysql injection and other dirty things?

Umm.. your function cleaninput() can prevent sql injections and problems when having html tags in user input.

[attasz]

Thx again!