So here I am coding into the wee hours of the morning.  I was basically like butter.  Why? cos I was on a roll (how many of you get that?  ).  I had 2 more sections to go and these 2 required some database interaction.  Basically, the first page is a form.  You fill it out and click "next" where you are asked to confirm your entry.  If you like what you see, you click a paypal button to pay some money.  On the same 2nd page, I insert the values into a db and create session vars for the entries.  One of the columns, "paid" is defaulted to "N".  Upon a successful paypal payment, the "thank you" page checks for the session vars and if found, updates the "paid" column to "Y".

Here are snippets of the code I used on the confirmation page:

session_start();

$contactfirstname = $_REQUEST['contactfirstname'];
$contactfirstname = trim($contactfirstname);
$contactfirstname = mysql_real_escape_string($contactfirstname);
$_SESSION['contactfirstname'] = $contactfirstname;

require(', /inc/new-header.inc'); //html header stuff so yes, I have my session vars in the right place
        (more code here)
        require_once(', /inc/mysql.inc.php'); //set host, username, password andall that good stuff
        $q = "INSERT INTO tbl_registration (table columns) VALUES (values to insert)";

$r = mysql_query($q, $dbc);

if(mysql_affected_rows($dbc) == 1)
        (more code here)

I would say it's pretty straightforward stuff.  So I go to my browser, fill in values and click "next" only to see the following mysql errors:

a link to the server could not be established
function: mysql_real_escape_string($contactfirstname); Access denied to user on table (table name) password: NO

After battling with this for some time, I contact the web host, who tells me "there is some active server uptime on your account.  Our guys are looking into the problem.  Try back in an hour".

I then go to sleep for 4 hours, try it again, same problem.  I contact web host again.  still, same problem.  I google for what seems like eternity and nothing came up.  Then on the 2nd page of the results, I see one obscure link that gave me the solution and I was astonished - see, I pretty much work on the same kind of sites so my code is heavily templatized (there goes that dirty word again  ) so I took certain things for granted.  This particular site though is doing things a little differently.

Questions:
1) Why do I get the errors above?
2) How do I solve them?

This was pretty tricky for me.  I wonder if any of you have seen this before.  Oya, as always, I dey wait

IT MAY SIMPLY MEAN THAT IN IIS, YOU HAVE NOT GIVEN READ, WRITE AND UPDATE PERMISSION TO ANONYMOUS USERS ON YOUR WEBSITE.

IF YOU ARE USING IIS, YOU NEED TO SET THE PERMISION SO THAT ALL USERS - ANONIMOUS USERS CAN UPDATE THE DATABASE. THE DATABASE IS SIMPLY PROTECTING ITSELF SO THAT NOT EVERYONE CAN UPDATE IT, BUT IF YOU SAY ALLOW EVERYONE TO UPDATE I, THEN YOU WONT PROBABLY GET THE ERROR.

Well, if you have not yet connected to the db yet and this connection is your first, i would say check your database connection, that is host (sometimes it is not localhost), username and password if they tally with what you created. If you are using an include for your connection, make sure it is pointing to the right file.

Looking at your codes, hate to sound like a newbie but the comma before your include path, does it have to be there to work cos i know i would not add it if all my files are in the root folder and the include files are in subfolders inside the root folder. A little newbie suggestion would be to remove the commas.

Well thats all i can think of and ignore the newbie thing cos when an advanced programmer makes tiny newbie mistakes i find it hard to believe and i ask politely what the the tiny mistake (kinda) is for.

Eager to know the solution.

2Legit:
I am afraid that isn't the answer.  For starters, I am not using IIS.  Nice try though.

askphantom:
You probably are not aware of the fact that NL replaces 2 or more dots with a comma, which explains that.  Regardless, no one is above mistakes.  Whether you start coding today or have been doing it since 1800, makes no difference.  In fact, I challenge anyone to write a program the first time with no bugs 

To give you an answer to your solution: yes, the db and table exists and the host, username and password are all set right and the include is pointing to the right path.  Though your solution isn't correct, I will say you are getting there.  You have partially answered (1).  Put back on your thinking hat and go at it again.

More answers please.  You will be amazed at the solution

first off, mysql_real_escape_string needs to use the database link identifier, although it is not compulsory to pass it in as a parameter

the connection should be established before using it,
maybe if you move this line up.
i cant test this as am in a cafe right now.

require_once(', /inc/mysql.inc.php'); //set host, username, password andall that good stuff


and ur idea of checking sessions on a page in other to update ur DB may not be a good idea

I think webdezzi hit the point.

obviously mysqll_real_escape_string(); requires that you are connected to your mysql server before running it and looking at your codes, you used it before connecting to the database.

Sheessh, i guess webdezzi beat me to the answer. Well looking forward to the next debugging question.

@yawa

Thanks for the tip. never knew u can replace double dots with a comma. Am gonna stick to my double dots though.

yep, webdezzi hit the spot 1000%  The solution is to move my mysql.inc.php include statement to right below the session_start() statement

I guess one of my points with this question is the importance of striving to seek answers ourselves before we bring it to the forum.  If I were to come here first, it probably would have taken me days to get the answer whereas my client is looking for his site much sooner.  Another point would be patience: had I not decided to check every result on google to the 2nd page, I probably would still have the problem.

webdezzi:
You said something about using sessions not being a good idea.   You mind expatiating?  I have done this on quite a few sites and it worked out well.  I look forward to your reason(s) why.  I once used cookies but it didn't work out well due to its ability to expire.  I try not to use sessions for anything, in particular because of server "taxation" issues though you are probably coming at it from a security perspective.

Please expatiate. I am all ears

yes, coming from a security perpective.
since i dont know what logic you have in place on those site, you may still be doing thing right

for instance an e-commerce website.

I may need to place a cheap order so i can have a good idea how the pages link up.
then go to the "thankyou" page and play with it

getting a valid session MAY be easy(especially if the session being checked is expected to have a true or false value), since i placed a cheap order and i have all the session values for that order.
using the referral url to validate where the user is coming from wont do any good since it can be spoofed (infact, Admins who displays referral urls without the htmlentities bla bla may be at risk. since there is a good chance you wanna know where ur users are coming from thereby displaying it in ur custom admin panel so javascript added to the spoof can retrieve ur admin area sessions without problems)

i will prefer to update the database right from where the logic decides which page to serve.

Just to chip in that mysql_escape_string() on the other hand doesnt require a connectn to d db. But then it is depreciated

kehers:

Just to chip in that mysql_escape_string() on the other hand doesnt require a connectn to d db. But then it is depreciated

Depreciated? Or deprecated?

Database connections are only required when you must interact with the database to either retrieve, add, update or delete content.

Nice question here. I also had to battle with this same problem while working on an sms website early this year. This really halted my work until I played around to get at the solution. The funny thing is that all codes are correct but placement is all that matters. Really good it has been pointed out and dealt with.

@yawa, thanks for the question.

@posters, nice attempts are being made and no longer the issue of waiting for site reviews.

@Afam, the correct on is depricated. Guess some typo error there from @kehers

omni, omni, thanks. As I work on more sites, Lord willing, not that I am praying for it but I will more "funny" questions and post here once I find a solution. As you may have noticed, I insist on finding a solution myself, even if it takes days as once I find it, it sticks in my sub conscious.

webdezzi, here is what my code is doing:
1) You go to a registration page where you enter your info (name, email, address and so forth

2) You click "next" and are taken to a confirmation page where I spit out what you entered on the previous page. If you want to correct, you click back else, further down on the page, there is a paypal button.

3) You go to paypal and assuming you don't cancel, you make a payment. You then return to a "thank you" page.

So what I do is:
1) Store the values entered in (1) in session vars on the confirmation page and have a "user_paid" set to N by default

2) Upon successful payment, I check the value of a certain var (email address), do a select to see if it exists in the db. If yes, I update the user_paid column to "Y". If not, customary error message.

3) I destroy all sessions - this way, should someone get to the page directly or refresh for some reason, they get, "you have come to this page in error"

I tried cookies for something like this years ago and it worked up until I did a live demo for a client and they had the browser on longer than I had set the cookies for (stupid me, I trusted the user the register quickly. I nearly piss for my pata that day ). I then decided to switch to sessions from that point onwards.

I once played with not doing the insert on the confirmation page and doing a mass insert on the "thank you" page but it didn't make sense to me. The way I see it, and I could be wrong, it is more efficient to update one column than to insert an entire row.

I hope it makes sense. If my approach is wrong, I am willing to learn a better approach

OmniPotens:

Nice question here. I also had to battle with this same problem while working on an sms website early this year. This really halted my work until I played around to get at the solution. The funny thing is that all codes are correct but placement is all that matters. Really good it has been pointed out and dealt with.

@yawa, thanks for the question.

@posters, nice attempts are being made and no longer the issue of waiting for site reviews.

@Afam, the correct on is depricated. Guess some typo error there from @kehers

i think that is a typo too, it is deprecated


@yawa, i responded but somehow, it is not showing on this thread, i can only see it in my "Latest post"

webdezzi interesting. What I would do is grab the url from the latest posts section and email it to Seun so he can figure out why.

Very weird. Sorry I couldn't be of any help.