Access denied

PHP
1

I have a couple of docs with the following warning. thanks for help.

Warning: mysql_connect(): Access denied for user ‘root’@‘localhost’ (using password: YES) in
C:\xampp\htdocs\folder\file.php on line 17
Unable to select database:

<HTML><body bgcolor="ccffff"><center>
<form name="taxset" action="<?php echo htmlentities($_SERVER['PHP_SELF']);?>" method="post">
Select state/rate <p><SELECT name="taxrate">
<OPTION value=0.04000 selected>4% Alabama
<OPTION value=0.05600 >5.6% Arkansas
</Select>
<p><CENTER><INPUT type=image height=24 alt="submit button" width=129 src="rollsubmit.gif"
    border=0>
</FORM>

<?php
if(isset($_POST['submit']))
{
$taxrate = $_POST['taxrate'];
}
// error_reporting(0);
error_reporting(E_ALL ^ E_NOTICE);
mysql_connect("localhost","root"," ");
mysql_select_db("numbersdb") or die( "Unable to select database");
if(!empty($_POST["submit"]))
    {
$id = $_POST['id'];
 $query="SELECT * FROM numbdata";
// Where taxrate='$taxrate'
 $result=mysql_query($query);
 if($result)
    {
   }
 else{echo "invalid entry, $taxrate.<br /> select another?<br />";
    }
   }
if(!empty($_POST["update"]))
    {
$sql = "UPDATE numbdata SET
 taxrate = '" . mysql_real_escape_string($_POST['taxrate']) . "'
  WHERE id ='".$_POST["id"]."'";
 mysql_query($sql) or die("Update query failed.");
 echo "taxrate has been set ...";
}
 ?>

<form name="settax" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
 <br />
 <input type="text" name="taxrate"/> <p>
<INPUT type=image height=24 alt="submit button" width=129 src="rollsubmit.gif border=0>
</CENTER></form></body></html>
2

Please be aware that the mysql_* extension is now deprecated as of the current version of PHP and will very likely be removed from the next 5.x version and will likely not be in PHP 6.x (when it eventually is released). You should migrate over to either the mysqli_* extension or to PDO. PDO is a better choice as it doesn’t tie you down so much to a particular database server software.

Once you have migrated you should use Prepared Statements to prevent SQL Injection attacks. Have a read of this article from the PHP manual, it shows how to use prepared statements with PDO and also explains the principle.

You’re getting the error because the MySQL Database user that your’re using doesn’t have permission to access either the server or the database.

  1. Check that the user exists (it’s generally not a good idea to use root, it’s better for each app to have its own MySQL user with permissions to access just it’s own database).
  2. Check that the password is correct.
  3. Check that the MySQL user has permission to access the “numbersdb” database