I installed PUArcade 2.3 (latest version) on Joomla 1.5.7 and get the following error:

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) in ...htdocs/components/com_puarcade/cls.puarcade.php on line 1367

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in .../htdocs/components/com_puarcade/cls.puarcade.php on line 1367

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) in ...htdocs/components/com_puarcade/cls.puarcade.php on line 1360

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in ...htdocs/components/com_puarcade/cls.puarcade.php on line 1360

This is on a live server. On a local server all works fine (i dont get any errors). The only difference with my local and live server is that the local server uses mysql and the live server mysqli!

read the posts on the first site

Bombe wrote:

QUOTE:
read the posts on the first site

I read the posts on the first page but the suggestions donnt solve my problem. Before i installed the stable 2.3 version i used the svn versions and they did work without any problems so i remove this version and going to install one of the svn versions. Beside of this on my local server all works the only different is that i use mysql and mysqli on the live server. Could this be the problem?

DutchMan wrote:

QUOTE:
Bombe wrote:

QUOTE:
read the posts on the first site

I read the posts on the first page but the suggestions donnt solve my problem. Before i installed the stable 2.3 version i used the svn versions and they did work without any problems so i remove this version and going to install one of the svn versions. Beside of this on my local server all works the only different is that i use mysql and mysqli on the live server. Could this be the problem?

Yes, I think this is the problem. I think that if you replace all of the mysql_real_escape with mysqli_real_escape, it might work. Just do a search and replace. Let me know if it works.

QUOTE:
pragma wrote:
Yes, I think this is the problem. I think that if you replace all of the mysql_real_escape with mysqli_real_escape, it might work. Just do a search and replace. Let me know if it works.

Thanks, for your reply...

I replaced them all with mysqli_real_escape but now the following error displays:

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /hermes/web02/b475/pow.spellenarena/htdocs/components/com_puarcade/cls.puarcade.php on line 1367

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /hermes/web02/b475/pow.spellenarena/htdocs/components/com_puarcade/cls.puarcade.php on line 1360

Hmm...looking at the docs, it looks like mysqli_real_escape_string expects a SQL connection to be passed in. That is kind of awkward using the database abstraction class in Joomla the way we do.

So, I'd say do this. Anywhere there was a mysql_real_escape_string, replace it as follows:
- If the variable in question is $fid, use intval($fid).
- If the variable in question is $tag, use addslashes($tag).

That will protect you from SQL injection, but remove the need for real_escape_string.

pragma wrote:

QUOTE:
Hmm...looking at the docs, it looks like mysqli_real_escape_string expects a SQL connection to be passed in. That is kind of awkward using the database abstraction class in Joomla the way we do.

So, I'd say do this. Anywhere there was a mysql_real_escape_string, replace it as follows:
- If the variable in question is $fid, use intval($fid).
- If the variable in question is $tag, use addslashes($tag).

That will protect you from SQL injection, but remove the need for real_escape_string.

And what to do with the $gid, for example in puarcade.class.php on line 150

Code:

function warningByGame($gid) { global $database; $query = "select c.id, c.name, c.description, c.warningrequired, c.imagename from #__puarcade_games as g, #__puarcade_contentrating as c" . " where g.contentratingid = c.id" . " and g.id = ".mysql_real_escape_string($gid); $database->setQuery($query); $cont = $database->loadObjectList(); if ($database->getErrorNum()) { echo $database->stderr(); }

$gid can use intval($gid)

pragma wrote:

QUOTE:
$gid can use intval($gid)

I followed your suggestions and everything is working now. A last question, did i add the code the right way? I replaced for example:

Code:

$query = "SELECT name" ."\n FROM #__puarcade_folders" ."\n WHERE id = '".mysql_real_escape_string($fid)."'";

with this:

Code:

$query = "SELECT name" ."\n FROM #__puarcade_folders" ."\n WHERE id = '".intval($fid)."'";

Yep, thats exactly right.

ALL I NEED TO SAY HERE IS AMAZING!!!!!!!!!!!!

This version fixed every single problem I was having! My scores work and I am a happy camper! Also, the support team here is absolutely fantastic!

GREAT JOB!!!!!!!!!!!!

Thanks! We are glad it is working for you!

pragma wrote:

QUOTE:
Yep, thats exactly right.

Thanks, for all your help pragma... it works now as it shoot, thanks again

I've fixed this issue in SVN. I won't use mysql_real_escape_string in future releases. It caused a fair amount of trouble.