This question already has answers here:
Warning: mysqli_select_db() expects exactly 2 parameters, 1 given
(2 answers)
Closed 6 years ago.
Attempting to solve this issue. I'm trying to restore a extremely old version of Wordpress, back when it was known as B2, into a working state. After making a bunch of edits to the code in a attempt to get it working, I'm now getting this:
Warning: mysqli_select_db() expects exactly 2 parameters, 1 given in /home/Redacted/public_html/b2-include/b2functions.php on line 31
Here's the segment of the code that's having issues:
<?php
/* functions... */
function get_currentuserinfo() { // a bit like get_userdata(), on steroids
global $HTTP_COOKIE_VARS,$user_login,$userdata,$user_level,$user_ID,$user_nickname,$user_email,$user_url,$user_pass_md5;
// *** retrieving user's data from cookies and db - no spoofing
$user_login = $HTTP_COOKIE_VARS["cafeloguser"];
$userdata = get_userdatabylogin($user_login);
$user_level = $userdata["user_level"];
$user_ID=$userdata["ID"];
$user_nickname=$userdata["user_nickname"];
$user_email=$userdata["user_email"];
$user_url=$userdata["user_url"];
$user_pass_md5=md5($userdata["user_pass"]);
$pref_usequicktags=$userdata["pref_usequicktags"];
$pref_postnavigator=$userdata["pref_postnavigator"];
$pref_showinactiveusers=$userdata["pref_showinactiveusers"];
$pref_textarearows=$userdata["pref_textarearows"];
$pref_confirm=$userdata["pref_confirm"];
$pref_usespellchecker=$userdata["pref_usespellchecker"];
// *** /retrieving
}
function dbconnect() {
global $connexion, $server, $loginsql, $passsql, $base;
$connexion = mysqli_connect($server,$loginsql,$passsql) or die("Couldn't connect! So sad :( <p>You should look into this!</p>");
$connexionbase = mysqli_select_db($base) or die("Couldn't connect! So sad :( <p>You should look into this!</p>");
return(($connexion && $connexionbase));
}
I am getting the error when I load the site at all. I can provide more code if necessary.
Posting as a community wiki. I don't want rep from this and there shouldn't.
$connexionbase = mysqli_select_db($base)
Just as the error states. You need to pass the db connection as the first argument:
$connexionbase = mysqli_select_db($connexion, $base)
Reference:
http://php.net/manual/en/mysqli.select-db.php
Example from the manual:
bool mysqli_select_db ( mysqli $link , string $dbname )
Sidenote:
return(($connexion && $connexionbase));
TBH, I've never seen this type of syntax for a return. Far as I know, you can return only once or using an array.
Pulled from this answer https://stackoverflow.com/a/3815243/1415724
You can only return one value. But you can use an array that itself contains the other two values:
return array($uid, $sid);
Instead of going through all that trouble, just use the 4 parameters:
$connexion = mysqli_connect($server,$loginsql,$passsql, $base)
as per the manual:
http://php.net/manual/en/function.mysqli-connect.php
then return with and if it's really needed.
return $connexion;
Plus, why are you intending to use MD5 to store passwords with? That hashing function is no longer considered safe to use.
You're better off using password_hash().
http://php.net/manual/en/function.password-hash.php
This is the 21st century after all.
and $HTTP_COOKIE_VARS, that's deprecated.
http://php.net/manual/en/reserved.variables.cookies.php
I've no idea why you're using that code or where you got it from.
You need to pass the database name into your mysqli_select_db() function. Right now you're passing the connection improperly, you need to have that second parameter or it doesn't know what to do. Try updating it to this:
$connexionbase = mysqli_select_db(connexion, $base) ...
Related
This question already has answers here:
mysql_fetch_array()/mysql_fetch_assoc()/mysql_fetch_row()/mysql_num_rows etc... expects parameter 1 to be resource
(31 answers)
Closed 5 months ago.
I am trying to get an old PHP script to work but I keep getting this notice:
Notice: Trying to get property of non-object in ...
The notice is based on the last line of this code:
$result_id_check = mysql_query("select ses_userid from fe_sessions where ses_id = '".$_COOKIE['fe_typo_user']."';");
$row_check = mysql_fetch_object($result_id_check);
if ($row_check->ses_userid) {
I also tried using mysqli_query and mysqli_fetch_object but that won't take any changes.
Any ideas how I can resolve this?
This error normally means that the query failed.
You should be checking for errors as you go like this, also the string concatenation can be made simpler if you use either the {$_COOKIE['fe_typo_user']} form of variable expansion inside a double quoted string, or alternatively this will also work $_COOKIE[fe_typo_user]
$sql = "select ses_userid
from fe_sessions
where ses_id = '{$_COOKIE['fe_typo_user']}'"
$result_id_check = mysql_query($sql);
if ( $result_id_check === false ) {
echo mysql_error();
echo 'Bad SQL : ' . $sql;
exit;
}
$row_check = mysql_fetch_object($result_id_check);
This way when you make small mistakes with your SQL, you get told about them directly and you dont have to wonder what nay have gone wrong.
Please dont use the mysql_ database extension, it
is deprecated (gone for ever in PHP7)
Specially if you are just learning PHP, spend your energies learning the PDO database extensions.
Start here
You should also be using parameterized queries ( available in the mysqli_ and PDO database extensions, but not the old deprecated mysql_ extension) to avoid SQL Injection Attack Specially if you are using data got from $_POST or $_GET or $_COOKIE
If you are considering moving to mysqli_ or PDO you should read also read this Can I mix MySQL APIs in PHP?
Before using $row_check->ses_userid just check whether $row_check is true or false.
if ($row_check) {
if ($row_check->ses_userid) {
}
}
This question already has answers here:
mysqli_query() expects at least 2 parameters, 1 given
(5 answers)
Closed 1 year ago.
Working on a login for admins on my webpage. I am following a tutorial that is kind of old, and I am trying to update it for MYSQLI. On his video, everything works perfect.. For me however..
if(isset($_POST['submit'])) {
$username = $_POST['username'];
$password = md5($_POST['password']);
if(empty($username) or empty($password)) {
echo "<p class='warn'>Oops!</p>";
} else {
$checklogin = mysqli_query(" SELECT id FROM admins WHERE username='$username' AND password='password' ");
if(mysqli_num_rows($checklogin) == 1){
echo "You can log in.";
} else {
echo "Oops";
}
}
}
and
Warning: mysqli_query() expects at least 2 parameters, 1 given in /opt/lampp/htdocs/WEBSITES/Site1/admin/login.php on line 29
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in /opt/lampp/htdocs/WEBSITES/Site1/admin/login.php on line 31
Errors about incorrect parameters can often be solved by looking up the manual for the function in question.
In this case, go to http://php.net/mysqli_query and you will see this function summary:
mixed mysqli_query ( mysqli $link , string $query [, int $resultmode = MYSQLI_STORE_RESULT ] )
So the two parameters expected are the mysqli object representing the connection to the database (which you will get when you first connect), and then the string of SQL to run (which you are currently passing).
The second error is a consequence of the first: because you are not checking for errors, $checklogin doesn't represent a successful query result.
Incidentally, there are a few other problems you might want to look at here, if the tutorial doesn't go on to explain them:
md5 is not a secure method for hashing passwords. Take a look at this for a more secure solution, or at least use a more up to date hash function.
you are checking empty($password), but have already applied a hashing function, which will never return an empty string
you are wide open to SQL injection; see How can I prevent SQL injection in PHP?
Your call to mysqli_query() requires the first parameter to be your connection to the database, which would have been returned during mysqli_connect(). That is your first warning.
Since you didn't provide a connection to mysqli_query() the return value of $checkLogin equals null, this is where your second warning comes in. mysqli_num_rows() expects a result set from a successful query.
Here is your fix:
$connection = mysqli_connect("host", "user", "pass", "yourDB");
$result = mysqli_query($connection, "SELECT some, fields FROM YourTable WHERE something = 'this'");
I got the warning:
Warning: mysqli_query() expects parameter 1 to be mysqli, string given in (...) on line 6
My code is here:
<?php
require_once 'conn.php';
$sql = "SELECT user_id, access_lvl, name FROM cms_users ";
$result = mysqli_query($sql, $conn);
It's exactly as the error states as you're passing arguments to mysqli_query() incorrectly. Assuming $conn is your mysqli connection generated at some point by new mysqli() it should be:
$result = mysqli_query( $conn,$sql) or trigger_error(mysqli_error($conn)));
The way you were calling it you were passing a string, $sql as the first argument.
I was having this this problem but after swiping
$result = mysqli_query($sql, $conn) to $result = mysqli_query( $conn,$sql)
I manage to solve this error
I am 3 years too late but all you need to do is swap the parameters of mysqli_query()
$result = mysqli_query($conn, $sql)
I have the same error, although the $result = mysqli_query($conn, $sql) is the correct way around.
I var_dump() the $conn object and it is a set object at the time I run the query, but still returns a 'string given' error.
I was accessing the $conn object after being parsed into a function that I was using it with, in the same way I've done throughout the whole project without error.
Re-declaring the $conn object inside the function, instead of passing it into the function stopped the errors, although this behaviour doesn't occur anywhere else in my project. This isn't an ideal solution either.
To note: I'm using a .env for local development, which causes no issues and helps with deployment locally/remotely via .git.
After many hours, I honestly believe there is a PHP bug here, I'm using 7.3.0, but occurred in 7.2.5 as well as I'm definitely parsing it a db connection object, not a string.
Just posting this for information purposes, in case anyone else runs into it. Thanks.
PS. Passwords shouldn't be stored in the database in plain text and is a major security concern. If the author hasn't adjusted this yet (I know it's an old post), it's important to read:
Secure hash and salt for PHP passwords
This question already has answers here:
Warning: mysqli_query() expects parameter 1 to be mysqli, null given in
(3 answers)
Closed 8 years ago.
I'm sure this is a duplicate, but I can not find an answer to this. For whatever reason, I can not query my database.
Simply I am trying to call a function but I get the error...
Warning: mysqli_query() expects parameter 1 to be mysqli, null given in ... on line 12
My dbConnect.php file has
$adConn = mysqli_connect("myHost","myUser","myPword","myDB");
My functions.php files has
require "dbConnect.php";
// Check connection
if (mysqli_connect_errno($adConn))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
//-------------------------------------------------//
// Gets total number of games for a given week //
//-------------------------------------------------//
function GetGamesCount($wID){
$sql = "SELECT * FROM schedule WHERE weekID=$wID";
$gamesRS = mysqli_query($adConn, $sql);
$games = mysqli_fetch_array($gamesRS);
}
I get no error from the connection check, I have tried putting it within the funcation as well. I know I can use the mysqli_num_rows function, which I will. I just need to figure out why it won't query the database. I have tried querying with other functions with the same problem. However, if I query within the page or using ajax from a separate file, I have no problems.
I just don't see what I'm missing. Any help is greatly appreciated.
Because $adConn is declared outside of the function is not in scope. That means you do not have access to it inside the function. To have access to it you need to pass it as aparameter of the function.
function GetGamesCount($wID, $adConn){
$adConn is in the global scope and you cannot access it from the function, if you change $adConn to $GLOBALS['adConn'] it should work.
This question already has answers here:
mysql_fetch_array()/mysql_fetch_assoc()/mysql_fetch_row()/mysql_num_rows etc... expects parameter 1 to be resource
(31 answers)
Closed 9 years ago.
Ok, so I know the question about 'why am I getting this warning with mysql_fetch_array...' has been asked several times, my problem is all the accepted answers state that the reasons the server is spitting this warning out is because the query itself is incorrect...this is not the case with me.
Here is the code below:
$dbhost = "host";
$dbuser = "user";
$dbpass = "pass";
$dbname= "db";
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname) or die ('<META HTTP-EQUIV="Refresh" CONTENT="0;URL=Failed.php?dberror=1">');
$token = mysql_escape_string($_GET['token']);
$query = "SELECT * FROM newuser WHERE token='$token'";
$result = mysql_query($query) or die(mysql_error());
while($row=mysql_fetch_array($result)) {
do stuff...
}
Everything within the 'while' statement is being executed just fine - it makes some changes to the DB which I can validate is happening. More importantly, the query never spits out any error details. I've tried testing for cases where $result===false and asking for error info but it won't return anything then either. From what I can tell, the query string is fine and is not failing.
What am I doing wrong here? Could there any other reason why PHP doesn't like my While parameters other than the SQL statement is bad (which again, I'm convinced it's not bad)?
Also, I know I should be using mysqli/PDO....I plan to switch over to that in the near future, but I'm pulling my hair out just trying to make this work and I have no idea why it won't. It's more of a personal thing at this point...
Thanks for your help, and let me know if you need any additional info. (PHP Version 5.3)
Here is an echo of the query string ($query):
SELECT * FROM newuser WHERE token='6e194f2db1223015f404e92d35265a1b'
And here is a var_dump of the query results ($result): resource(3) of type (mysql result)
$query = "SELECT * FROM newuser WHERE token='$token'";
$result = mysql_query($query) or die(mysql_error());
while($row=mysql_fetch_array($result)) {
do stuff...
}
If the die statement is not executed, $result is OK when you enter the while loop. The problem then is probably that you use $result for a query inside the loop as well, eventually leading to it being set to false.
So for now i can say that the problem is not the mysql_escape_string nether the using of mysql at all neither access privilege from user name and password and what i want to tell you is to test the $result and if it is a resource proceed with your while block like this
if(is_resource($result))
{
while($row = mysql_fetch_array($result))
{//process your code here}
}
and tell me if the code has been also executed :)
The query is not correct according to mysql_. The error you're receiving is telling you that $result is boolean (false).
Where is $token coming from? You best stop using mysql_ functions and use a prepared statement and a bound parameter.
your escape is wrong try this
$token = mysql_real_escape_string($_GET['token']);
instead of $token = mysql_escape_string($_GET['token']);
This extension is deprecated as of PHP 5.5.0, and will be removed in the future.
http://php.net/manual/en/function.mysql-real-escape-string.php