PHP Warning: query and fetch - php

Warning: mysqli_query() expects at least 2 parameters,1 given
Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, null given
I have those warnings as well, how can I fix this?
public static function checklogin() {
mysqli_connect();
$username = $_SESSION['USER'];
$password = $_SESSION['PASS'];
$query = "
SELECT
`account`.`id`,
`account`.`status`
FROM `account`.`account`
WHERE `account`.`login` = '".$username."'
AND `account`.`password`='".$password."'
";
$exec = mysqli_query($query);
$row = mysqli_fetch_assoc($exec);
if($row['status'] == 'OK&apos
{
return true;
}
else
{
return false;
}
}


You need to save the database connection open with mysqli_connect, and in order to actually connect to the db the host configuration. Read the connect docs here for better explanation.
Update your code with a db address (make sure you know your connection)
$db=mysqli_connect("127.0.0.1", "my_user", "my_password", "my_db");
if(!$db) {
echo "ERROR connecting to my_db";
return false;
}
// sanitize
$username = filter_var($_SESSION['USER'], FILTER_SANITIZE_STRING);
$password = filter_var($_SESSION['PASS'], FILTER_SANITIZE_STRING);
$query = "
SELECT
`account`.`id`,
`account`.`status`
FROM `account`.`account`
WHERE `account`.`login` = '".$username."'
AND `account`.`password`='".$password."'
";
$exec = mysqli_query($db, $query);
$row = mysqli_fetch_assoc($exec);
...
Have a look at the mysqli_querydocs.

Related

PHP mysqli_query() to PDO

I am trying to make a page to change a password in the database.
I made the form and this is the PHP code :
if(isset($_POST['btn-newpass']))
{
$username = strip_tags($_POST['username']);
$password = md5(strip_tags($_POST['password']));
$password_new = md5(strip_tags($_POST['password_new']));
$password_new_conf = md5(strip_tags($_POST['password_new_conf']));
$password_in_db= mysqli_query("SELECT password FROM utilizatori WHERE username='$username'");
if(!$password_in_db)
{ echo "The entered username doesn't exist";}
elseif($password!=$password_in_db)
{ echo "The current password is wrong";}
if($password_new == $password_new_conf)
{$sql = mysqli_query("UPDATE utilizatori SET password='$password_new' WHERE username='$username'");}
if($sql)
{ echo "Changed successfully!";}
else
{ echo "The passwords do not match";}
}
When I try to change a password I get the following errors:
Warning: mysqli_query() expects at least 2 parameters, 1 given in A:\XAMPP\htdocs\testing\change_password.php on line 10
The entered username doesn't exist
Warning: mysqli_query() expects at least 2 parameters, 1 given in A:\XAMPP\htdocs\testing\change_password.php on line 18
Passwords do not match
In connection.php I have the following code:
class Database
{
private $host = "localhost";
private $db_name = "atlx";
private $username = "root";
private $password = "";
public $conn;
public function dbConnection()
{
$this->conn = null;
try
{
$this->conn = new PDO("mysql:host=" . $this->host . ";dbname=" . $this->db_name, $this->username, $this->password);
$this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $exception)
{
echo "Connection error: " . $exception->getMessage();
}
return $this->conn;
}
}
Could somebody point me out what is wrong here?
EDIT:
I realised the connection to the database is done using PDO. How can I convert the PHP code to work with PDO?

In the mysqli_query you have to pass the connection variable to for executing
Replace
$password_in_db= mysqli_query("SELECT password FROM utilizatori WHERE username='$username'")
With
$password_in_db= mysqli_query($con,"SELECT password FROM utilizatori WHERE username='".$username."'")

As mysqli_query expects parameter 1 to be connection object.
Replace
$password_in_db= mysqli_query("SELECT password FROM utilizatori WHERE username='$username'")
With
$conn = new Database;
$password_in_db= mysqli_query($conn->dbConnection(),"SELECT password FROM utilizatori WHERE username='".$username."'")
OR
$password_in_db= mysql_query("SELECT password FROM utilizatori WHERE username='".$username."'")

mysqli_query($Database->dbConnection(),"SELECT password FROM utilizatori WHERE username='$username'");

Since, You are using PDO for database connection why are you using mysqli_ to perform database query. Learn more about PDO
http://php.net/manual/en/book.pdo.php
on how to perform database query using it. OR learn how to make DB connection using mysqli
http://php.net/manual/en/book.mysqli.php
For your answer if you need to perform mysqli_query you need to add your Database connection in first parameter.
mysqli_query($dblink, "SELECT * FROM City")

Your Re-Written code should be like this
if(isset($_POST['btn-newpass']))
{
$username = strip_tags($_POST['username']);
$password = md5(strip_tags($_POST['password']));
$password_new = md5(strip_tags($_POST['password_new']));
$password_new_conf = md5(strip_tags($_POST['password_new_conf']));
$password_in_db= mysql_query("SELECT password FROM utilizatori WHERE username='".$username."'")
if(!$password_in_db)
{ echo "The entered username doesn't exist";}
elseif($password!=$password_in_db)
{ echo "The current password is wrong";}
if($password_new == $password_new_conf)
{$sql = mysqli_query("UPDATE utilizatori SET password='$password_new' WHERE username='$username'");}
if($sql)
{ echo "Changed successfully!";}
else
{ echo "The passwords do not match";}
}
You can learn more about PDO in this link
http://php.net/manual/en/book.pdo.php

I've got some errors in my code [duplicate]

This question already has answers here:
mysqli_real_escape_string() expects exactly 2 parameters, 1 given
(5 answers)
Closed 1 year ago.
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1
given in C:\xampp\htdocs\login2\login.php on line 28
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1
given in C:\xampp\htdocs\login2\login.php on line 29
Warning: mysqli_select_db() expects parameter 1 to be mysqli, string
given in C:\xampp\htdocs\login2\login.php on line 31
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result,
string given in C:\xampp\htdocs\login2\login.php on line 35
Can anybody help me figure it out?
here is my code below.
<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "server1";
// Create connection
$conn = new mysqli($servername, $username, $password,$dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// To protect mysqli injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($username);
$password = mysqli_real_escape_string($password);
// Selecting Database
$db = mysqli_select_db("server1", $conn);
// SQL query to fetch information of registerd users and finds user match.
$query = "select * from account where password='$password' AND username='$username'";
$result = mysqli_query($conn, $query) or trigger_error("Query Failed! SQL: $query - Error: ". mysqli_error($mysqli), E_USER_ERROR);;
$rows = mysqli_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: profile.php"); // Redirecting To Other Page
} else {
$error = "Username or Password is invalid";
}
mysqli_close($conn); // Closing Connection
}
}
?>

You can use both procedural style or object oriented style. Since object oriented approach is more encouraged I'll show that.
...
$username = $conn->real_escape_string($username);
$password = $conn->real_escape_string($password);
...
$db = $conn->select_db("server1"); //redundant line
...
$result = $conn->query( $query)
$rows = $conn->num_rows($query);
...
$conn->close();
And all that was needed to solve this was checking the documentation properly http://php.net/docs.php

Please check Syntax of mysqli_real_escape_string
You need to mention the $con variable as well:
$username = mysqli_real_escape_string($con, $username);
$password = mysqli_real_escape_string($con, $password);
Also, you're already specifying your database in this line:
$conn = new mysqli($servername, $username, $password,$dbname);
So, this below line is redundant. You should just remove this:
$db = mysqli_select_db("server1", $conn);

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\login.php [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
i'm getting the following error
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\login.php
everything else work fine... except for this !
Here's my query :
<?php
$inputuser = $_POST["user"];
$inputpass = $_POST["pass"];
$user = "root";
$password = "";
$database = "share";
$connect = mysql_connect("localhost:3306",$user,$password);
#mysql_select_db($database) or ("Database not found");
$query = "SELECT * FROM 'users' WHERE 'username'= '$inputuser'";
$querypass = "SELECT * FROM 'users' WHERE 'password'= '$inputpass'";
$result = mysql_query($query);
$resultpass = mysql_query($querypass);
$row = mysql_fetch_array($result);
$rowpass = mysql_fetch_array($resultpass);
$serveruser = $row['user'];
$serverpass = $row['password'];
if ($serveruser && $serverpass) {
if (!$result) {
die ("Invalid Username/Password");
}
header('Location: Fail.php');
mysql_close();
if ($inputpass == $serverpass) {
header('Location: Home.php');
} else {
}
}
?>

Do not use mysql_* functions. They are deprecated.
You have an error in your SQL Syntax. Change your queries to this:
SELECT * FROM `users` WHERE `username`= '$inputuser';
SELECT * FROM `users` WHERE `password`= '$inputpass';
You must use backticks, ` and not ' quotes.
And please try to combine them like this:
SELECT * FROM `users` WHERE `username`= '$inputuser' AND `password`= '$inputpass';
What if there are two users with the same password? You cannot expect all the users to use different passwords right?
Other things. You are passing the user input directly to the SQL. This is very bad and leads to SQL Injection. So you need to sanitize the inputs before you can send it to the Database server:
$inputuser = mysql_real_escape_string($_POST["user"]);
$inputpass = mysql_real_escape_string($_POST["pass"]);
Again, do not use mysql_* functions.
Update the Code
Use the following code.
// single query
$query = "SELECT * FROM `users` WHERE `username`='$inputuser' AND `password`='$inputpass'";
// your original query
$query = "SELECT * FROM `users` WHERE `username`= '$inputuser'";
Final Code
<?php
$inputuser = mysql_real_escape_string($_POST["user"]);
$inputpass = mysql_real_escape_string($_POST["password"]);
$user = "root";
$password = "";
$database = "share";
$connect = mysql_connect("localhost", $user, $password);
#mysql_select_db($database) or ("Database not found");
$query = "SELECT * FROM `users` WHERE `username`= '$inputuser' AND `password`= '$inputpass'";
$result = mysql_query($query);
if (mysql_num_rows($result) == 1) {
header('Location: Home.php');
die();
}
else {
header('Location: Fail.php');
die ("Invalid Username/Password");
}
?>

Warning: mysql_num_rows() expects parameter 1 to be resource, array given in J:\xampp\htdocs\Website\rpg.php on line 157

im having trouble with this, this is my code
?php
$db_host = 'localhost';
$db_user = 'root';
$db_pwd = 'password';
$database = 'nzpcgames';
$table = 'gameinfo';
# $dbcon = mysql_pconnect($db_host,$db_user,$db_pwd);
if (!$dbcon)
{
die('Could not connect : ' . mysql_error());
exit;
}
mysql_select_db($database, $dbcon);
$query = "SELECT gameinfo.rank, gameinfo.game, gameinfo.platform, gameinfo.genre, gameinfo.publisher, gameinfo.developer, gameinfo.score*
FROM gameinfo
WHERE (((gameinfo.genre)='rpg'))";
$result = mysql_query("SELECT * FROM {$table}");
$num_rows = mysql_num_rows($result);
if ($num_rows == 0) {
echo 'No results were found';
exit;
}
?>
though every time I try to excute it, i get the title error. On my tutorial power point it said to change $result, but it did not say what to, thanks for your help

may be it is because you didn't put the connection,
$result = mysql_query("SELECT * FROM {$table}",$dbcon);
or you could try
SELECT COUNT(*) FROM $table_name
check out this http://www.php.net/manual/en/function.mysql-num-rows.php

I have a problem with mysql and php

I have a problem, this is my code:
$db = new mysqli("localhost", "root", "", "blah");
$result1 = $db->query("select * from c_register where email = '$eml' and password = '$pass'");
if($result1->fetch_array())
{
$auth->createSession();
$_SESSION['user'] = 'client';
promptUser("You have successfully logged in!!!","index.php");
}
$db = new mysqli("localhost", "root", "", "blah");
$result2 = $db->query("select * from b_register where email = '$eml' and password = '$pass'");
if($result2->fetch_array())
{
$auth->createSession();
$_SESSION['user'] = 'business';
promptUser("You have successfully logged in!!!","index.php");
}
$db = new mysqli("localhost", "root", "", "blah");
$result3 = $db->query("select * from g_register where email = '$eml' and password = '$pass'");
if($result3->fetch_array())
{
$auth->createSession();
$_SESSION['user'] = 'employee';
promptUser("You have successfully logged in!!!","index.php");
}
$db = new mysqli("localhost", "root", "", "blah");
$result4 = $db->query("select * from k_register where email = '$eml' and password = '$pass'");
if($result4->fetch_array())
{
$auth->createSession();
$_SESSION['user'] = 'super';
promptUser("You have successfully logged in!!!","index.php");
}
else
{
promptUser("Username/Password do not match. Please try again!!!","");
}
Funny enough this code works, but I no that I went about it the wrong way. I am new with php and mysql, so please help. I also tried e.gresult4->free(); for all the variable that save the data, and I got this error: Fatal error: Call to a member function free() on a non-object in...

Don't repeat yourself. You already made your mysqli object, so reuse it. For example:
$db = new mysqli("localhost", "root", "", "blah");
$result1 = $db->query("select * from c_register...");
$result2 = $db->query("select * from d_register...");
$result3 = $db->query("select * from e_register...");
This will make your code more legible, and easier to modify later.

mysqli::query() returns a result object only after a successful query.
You need to build in a check:
if(($result1 != false) and ($result1->fetch_array())) // The same for 2,3,4...
you should get the error message using
echo $db->error;

From PHP Manual:
mysqli::query returns TRUE on success or FALSE on failure. For SELECT, SHOW, DESCRIBE or EXPLAIN mysqli_query() will return a result object.
So you should test it:
if ($result != false) {
...
} else {
// print error or whatever
}
Btw. it is VERY DANGEROUS not to escape variables like $eml and $pass - if a user type as $pass something like:
bleh' OR 1 = 1 OR password = 'bleh, then the whole query will look like:
select * from b_register where email = 'some#email.com' and password = 'bleh' OR 1 = 1 OR password = 'bleh'
and the user will get logged without knowing the password!
Therefore you should use: mysql_real_escape_string($eml) and the same for $pass.
Or even better: use statement preparing and parameters binding - see: http://pl2.php.net/manual/en/mysqli.prepare.php

Categories