Problems when converting mysql to mysqli - php

I'm trying to convert mysql to mysqli, but I get some errors
first error:
mysqli_query() expects at least 2 parameters, 1 given in /home/.........../class/class.mysql.php on line 55
public function query($res, $pass_no = 1) {
$q1 = mysqli_query($res, $this->db_link);
if (!$q1) {
$this->sql_error();
if ($pass_no == 1) {
if ($this->output_error == 1) {
echo 'Attempting to reconnect to MySQL...' . "\n";
}
$this->db_close();
$this->db_connect();
$this->query($res, 2);
} else {
if ($this->output_error == 1) {
echo 'Reconnection failed; please check your MySQL server settings!' . "\n";
}
}
} else {
return $q1;
}
}
second error:
mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /home/..../index.php on line 14
global $db ;
$username = mysqli_real_escape_string($_POST['username_login']);
$q ="select * from ".DB_PREFIX."admins where username='".$username."' ".
"and password='".md5( $_POST['password_login'])."'";
// echo $q;
$res =$db->query($q);
if($db->num_rows($res)==1)
{
return true ;
}
return false ;
I don't understand the 2 errors


When you get errors: Please help yourself by reading the manual .
1)
first error : mysqli_query() expects at least 2 parameters, 1 given in /home/.........../class/class.mysql.php on line 55
Your code:
$q1 = mysqli_query($res, $this->db_link);
Should be:
$q1 = mysqli_query($this->db_link, $res);
With the Database connection variable FIRST. This variable is required for almost all mysqli_ functions.
2)
second error : mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /home/..../index.php on line 14
See point 1, above:
mysqli_real_escape_string($connectionVariable, $_POST['username_login']);
3)
$q ="select * from ".DB_PREFIX."admins where username='".$username."' ".
"and password='".md5( $_POST['password_login'])."'";
NO
Do not do this!!! Passwords should be stored using PHPs specialist password_hash function. Please read how to use it, why you should use it, why it should be used, and the benefits of using it and here if you need to use it on older versions of PHP.

Related

Undefined Variable on mysqli_query

I have similar code that works with no errors but when I try and query my database I'm getting the several errors. Can anyone help ?
errors:
Notice: Undefined variable: link in C:\wamp64\www\twitter clone\functions.php on line 22
Warning: mysqli_query() expects parameter 1 to be mysqli, null given in C:\wamp64\www\twitter clone\functions.php on line 22
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in C:\wamp64\www\twitter clone\functions.php on line 24
Code;
<?php
session_start();
$link = mysqli_connect("localhost", "root", "pass", "twitter");
if (mysqli_connect_errno()) {
print_r(mysqli_connect_error());
exit();
}
if (isset($_GET['function']) == "logout"){
session_unset();
}
function displayTweets($type) {
if ($type == 'public'){
$whereClause = "";
}
$query = "SELECT * FROM tweets ".$whereClause." ORDER BY 'datetime' DESC LIMIT 10";
$result = mysqli_query($link, $query);
if (mysqli_num_rows($result) == 0) {
echo "No Tweets";
}
}
?>

The problem is that your $link variable is not in the function's local scope.
A way to fix this is by defining the variable in the function's local scope by adding the following line to the function:
global $link
Please have a look at this page to read more about the variable scope in PHP.
Edit:
An even better way would be to inject your connection by adding it as an argument to your function, which would have your code look something like this:
function displayTweets($type, $connection) {
if ($type == 'public'){
$whereClause = "";
}
$query = "SELECT * FROM tweets ".$whereClause." ORDER BY 'datetime' DESC LIMIT 10";
$result = mysqli_query($connection, $query);
if (mysqli_num_rows($result) == 0) {
echo "No Tweets";
}
}
After this, you would call your function using displayTweets('public',$link), with 'public' being the type, and $link being your defined connection
Also, in your current function, $whereClause could be undefined. I'm guessing your aware of this, just wanted to state it in case you get errors on that.

You have to use $link variable as global variable ($GLOBALS['link']) in displayTweets function or you have to pass $link as parameter.
$result = mysqli_query($GLOBALS['link'], $query);
or
displayTweets('public',$link);

mysqli_num_rows Function [duplicate]

This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 6 years ago.
I'm stucked... hope for some help.
I have problem with this situation. I've been following a tutorial to add in a search feature for my website, but I've been getting the following error:
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\registracija\index.php on line 48
Here is my code:
if ($password_form==$repassword_form) {
$user=mysqli_query(
$con,
"SELECT * FROM users,
WHERE username=username_form
OR email=email_form
");
$counter=mysqli_num_rows($user);
if ($counter==0) {
if (move_uploaded_file($temporary_name, $path)) {
echo "YES!<br />";
}
else {
echo "NO!<br />";
}
}
else {
echo "ERROR!<br />Some Message!<br />";
}
}
else { echo "ERROR!<br />Some Message!<br />";
}
}
else {
?>

There is an error in your query, change this:
"SELECT * FROM users,
WHERE username=username_form
OR email=email_form
"
to this to remove the comma:
"SELECT * FROM users
WHERE username=username_form
OR email=email_form
"
In addition, username_form and email_form seem to likely be strings, so your final query probably should look like this:
"SELECT * FROM users
WHERE username = '$username_form'
OR email = '$email_form'
"
Your query is failing, and then you're trying to execute an operation mysqli_num_rows(), on this.
You should strongly consider a prepared statement to avoid SQL injection:
$stmt = $db->prepare("SELECT * FROM table WHERE username=:un AND email=:em");
$stmt->execute(array(':un' => $username_form, ':em' => $email_form));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
Read more about SQL injection from this excellent article here.

expects parameter warning 1 to be resource

This below code is giving me mysql_fetch_array() expects parameter
<?php
$query = $forumdb->prepare("SELECT COUNT(*) as cnt FROM smf_personal_messages");
$query->execute();
$num_rows = mysql_fetch_array($query);
if ($query->rowCount() == 0) {
echo "<tr><td colspan='6'><small>No rows found</small></td></tr>";
}
echo ($num_rows['cnt']);
?>
Warning: mysql_fetch_array() expects parameter 1 to be resource,
object given in /home/gamin1/public_html/ucp/forumstats.php on line
127

Seems to be a reasonable assumption that you want to use PDO. As has already been mentioned, you can't mix pdo(_msyql) with the other mysql apis.
But there are some other issues with your script:
<?php
// not an error per se, but:
// no placeholders in the query + sent only once -> prepared statement superfluous
$result = $forumdb->query("SELECT COUNT(*) as cnt FROM smf_personal_messages");
// assuming PDO::ATTR_ERRMODE=>PDO::ERRMODE_EXCEPTION, so no error handling here....
// Count(*) with no explicit grouping always returns exactly one record, so
// ->rowCount() will do you no good
// instead fetch that one record and read the field holding the value of Count(*) as cnt
$row = $result->fetch();
if ( 0==$row['cnt'] ) {
echo "<tr><td colspan='6'><small>table cotains no records</small></td></tr>";
}
else {
echo '# of rows: ', row['cnt'];
}

Use $query->fetch() instead of mysql_fetch_array($query).
You are using PDO here: http://php.net/manual/fr/pdostatement.fetch.php

Query empty if included

I have been performing a query inside my page -- say, page.php -- where I run a simple query.
Pseudo-code:
$request_unavailble = mysqli_query($mysqli, "SELECT * FROM my_table WHERE availble='0'");
When this is performed from within page.php, I get all results where availble is set to 0. However, if I run this from within a seperate included file, the data returns empty. In fact, mysqli_num_rows returns 0 when included.
What's going wrong, here?
Edit
The following function was added as an include (both as a function and alone)
function compte_messagerie()
{
$requetes_messagerie = mysqli_query($mysqli, "SELECT * FROM ".DB_PREFIX."messagerie WHERE lu='0'");
if(mysqli_num_rows($requetes_messagerie) == 0)
{
echo '<a id="messagerie" href="messagerie">'.AUCUN_NOUVEAU."</a>";
}
else if(mysqli_num_rows($requetes_messagerie) == 1)
{
echo '<a id="messagerie" href="messagerie">';
echo '<span>'.mysqli_num_rows($requetes_messagerie)."</span> ";
echo MESSAGES_SINGULIER."</a>";
}
else
{
echo '<a id="messagerie" href="messagerie">';
echo '<span>'.mysqli_num_rows($requetes_messagerie)."</span> ";
echo MESSAGES_PLURIEL."</a>";
}
}

When porting your query into a function, the MySQLi connection object in $mysqli went out of scope, and was therefore invalid inside the function. With display_errors enabled, I would expect you to see errors like:
Notice: undefined variable $mysqli
Warning: mysqli_query() expects parameter 1 to be resource, null given
The cleanest solution is to pass $mysqli into your function as a parameter, making it available to the function's scope
// Expect the MySQLi resource as a parameter...
function compte_messagerie($mysqli)
{
$requetes_messagerie = mysqli_query($mysqli, "SELECT * FROM ".DB_PREFIX."messagerie WHERE lu='0'");
if(mysqli_num_rows($requetes_messagerie) == 0)
{
echo '<a id="messagerie" href="messagerie">'.AUCUN_NOUVEAU."</a>";
}
// etc.....
}

Try this. Please check if the available table is require string value or integer.
$request_unavailble = mysqli_query("SELECT * FROM my_table WHERE availble= 0 ");
while($rows = mysqli_fetch_assoc($request_unavailble)){ // <- this will check if there some data fetch
// You put some code here
}

Function getResult call

I'm working transferring my functions from MySQL to MySQLi standards.
This is my old function for getresult
function getResult($sql) {
$result = mysql_query($sql, $this->conn);
if ($result) {
return $result;
} else {
die("SQL Retrieve Error: " . mysql_error());
}
}
However, I have been following the W3schools on the mysqli_query function. Here's where I'm presently at.
function getResult($connection){
$result = mysqli_query($connection->conn);
if ($result) {
return $result;
} else {
die("SQL Retrieve Error: " . mysqli_error());
}
}
Now, the examples on W3schools are just a bit different from how I want to use mysqli_query. I'm trying to make it be directed at my DB, not some input or constants as per examples on W3S.
Notice: Trying to get property of non-object in C:\xampp\htdocs\cad\func.php on line 92
Warning: mysqli_query() expects at least 2 parameters, 1 given in C:\xampp\htdocs\cad\func.php on line 92
Warning: mysqli_error() expects exactly 1 parameter, 0 given in C:\xampp\htdocs\cad\func.php on line 96
SQL Retrieve Error:
Thank you

Your version won't work for a number of reasons, not the least of which is that you haven't included the query you want to send. Assuming $this->conn is set up properly somehow, try this:
function getResult($sql) {
$result = mysqli_query($this->conn, $sql); //Note parameters reversed here.
if ($result) {
return $result;
} else {
die("SQL Retrieve Error: " . mysql_error());
}
}

From the PHP help files I found these function definitions
mixed mysqli_query ( mysqli $link , string $query [, int $resultmode = MYSQLI_STORE_RESULT ] )
string mysqli_error ( mysqli $link )
mysqli_query() takes the link and the actual query as mandatory parameters, and mysqli_error takes the link as one as well.
http://php.net/manual/en/mysqli.query.php
http://www.php.net/manual/en/mysqli.error.php

Categories