This question already has answers here:
mysqli_real_escape_string() expects exactly 2 parameters, 1 given
(5 answers)
Closed 1 year ago.
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1
given in C:\xampp\htdocs\login2\login.php on line 28
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1
given in C:\xampp\htdocs\login2\login.php on line 29
Warning: mysqli_select_db() expects parameter 1 to be mysqli, string
given in C:\xampp\htdocs\login2\login.php on line 31
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result,
string given in C:\xampp\htdocs\login2\login.php on line 35
Can anybody help me figure it out?
here is my code below.
<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "server1";
// Create connection
$conn = new mysqli($servername, $username, $password,$dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// To protect mysqli injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($username);
$password = mysqli_real_escape_string($password);
// Selecting Database
$db = mysqli_select_db("server1", $conn);
// SQL query to fetch information of registerd users and finds user match.
$query = "select * from account where password='$password' AND username='$username'";
$result = mysqli_query($conn, $query) or trigger_error("Query Failed! SQL: $query - Error: ". mysqli_error($mysqli), E_USER_ERROR);;
$rows = mysqli_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: profile.php"); // Redirecting To Other Page
} else {
$error = "Username or Password is invalid";
}
mysqli_close($conn); // Closing Connection
}
}
?>
You can use both procedural style or object oriented style. Since object oriented approach is more encouraged I'll show that.
...
$username = $conn->real_escape_string($username);
$password = $conn->real_escape_string($password);
...
$db = $conn->select_db("server1"); //redundant line
...
$result = $conn->query( $query)
$rows = $conn->num_rows($query);
...
$conn->close();
And all that was needed to solve this was checking the documentation properly http://php.net/docs.php
Please check Syntax of mysqli_real_escape_string
You need to mention the $con variable as well:
$username = mysqli_real_escape_string($con, $username);
$password = mysqli_real_escape_string($con, $password);
Also, you're already specifying your database in this line:
$conn = new mysqli($servername, $username, $password,$dbname);
So, this below line is redundant. You should just remove this:
$db = mysqli_select_db("server1", $conn);
Related
public function Fetch_num1($id) {
echo "Hi";
$sql = "SELECT * FROM editors where jid='$id'";
$result = mysqli_query($connection, $sql);
$nr = mysqli_num_rows($result);
return $nr;
}
Its shows warnings like:
mysqli_query() expects parameter 1 to be mysqli, null given
mysqli_num_rows() expects parameter 1 to be mysqli_result, null given
in
As Armali says in the comments, you are not making a database connection. Here is a typical connection code copied from w3schools (https://www.w3schools.com/php/php_mysql_connect.asp):
<?php
$servername = "localhost";
$username = "username";
$password = "password";
// Create connection
$conn = new mysqli($servername, $username, $password);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully";
?>
Replace localhost, username, and password with your db name, user name, and password, then replace $connection with $conn.
Also, I think where should be all caps: WHERE.
This question already has answers here:
Reference - What does this error mean in PHP?
(38 answers)
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 2 years ago.
I'm making a chat feature for a site and am not good with PHP:
<?php
if (isset($_POST['send'])) {
require 'database.php';
$input = $_POST['input'];
} else {
$sql = "INSERT INTO chatsys (chat) VALUES (?)";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("index.html?error=sqlerror");
exit();
} else {
mysqli_stmt_bind_param($stmt, "sss", $input);
mysqli_stmt_execute($stmt);
header("index.html?request=success");
exit();
}
}
{
mysqli_stmt_close($stmt);
mysqli_close($conn);
}
And database code:
<?php
$servername = "localhost";
$dBUsername = "root";
$dBPassword = "";
$dBName = "chatsys";
$conn = mysqli_connect($servername, $dBUsername, $dBPassword, $dBName);
if (!$conn) {
die("Connection failed: ".mysqli_connect_error());
}
?>
This results in:
Notice: Undefined variable: conn in C:\Users\John Doe\Desktop\server\htdocs\php\message\chat.php on line 11
Warning: mysqli_stmt_init() expects parameter 1 to be mysqli, null given in C:\Users\John Doe\Desktop\server\htdocs\php\message\chat.php on line 11
Warning: mysqli_stmt_prepare() expects parameter 1 to be mysqli_stmt, null given in C:\Users\john doe\Desktop\server\htdocs\php\message\chat.php on line 12
What have I done wrong?
First of all, don't blame PHP because it is a powerful and easy to use server side language, try to get close and you will love it.
Second you have unneccessary if else, and also passing extra parameters to bind param, while you just have only one to pass.
<?php
if (isset($_POST['send'])) {
require 'database.php';
$input = $_POST['input'];
$sql = "INSERT INTO chatsys (chat) VALUES (?)";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("index.html?error=sqlerror");
exit();
}
//No need to else here because if error happens you get back and exit.
mysqli_stmt_bind_param($stmt, "s", $input);
mysqli_stmt_execute($stmt);
header("index.html?request=success");
mysqli_stmt_close($stmt);
mysqli_close($conn);
}
You are overcomplicating your code. You do not need all these braces or if statements. You do not need to check the return value of mysqli calls if you enable error reporting.
<?php
// If value was posted to the server
if (isset($_POST['send'])) {
// include mysqli connection
require 'database.php';
// perform prepared statement. (prepare/bind/execute)
$stmt = $conn->prepare("INSERT INTO chatsys (chat) VALUES (?)");
$stmt->bind_param("sss", $_POST['input']);
$stmt->execute();
// redirect on success
header("index.html?request=success");
exit();
}
and your connection file:
<?php
$servername = "localhost";
$dBUsername = "root";
$dBPassword = "";
$dBName = "chatsys";
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = mysqli_connect($servername, $dBUsername, $dBPassword, $dBName);
$conn->set_charset('utf8mb4'); // always set the charset
Warning: mysqli_query() expects at least 2 parameters,1 given
Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, null given
I have those warnings as well, how can I fix this?
public static function checklogin() {
mysqli_connect();
$username = $_SESSION['USER'];
$password = $_SESSION['PASS'];
$query = "
SELECT
`account`.`id`,
`account`.`status`
FROM `account`.`account`
WHERE `account`.`login` = '".$username."'
AND `account`.`password`='".$password."'
";
$exec = mysqli_query($query);
$row = mysqli_fetch_assoc($exec);
if($row['status'] == 'OK&apos
{
return true;
}
else
{
return false;
}
}
You need to save the database connection open with mysqli_connect, and in order to actually connect to the db the host configuration. Read the connect docs here for better explanation.
Update your code with a db address (make sure you know your connection)
$db=mysqli_connect("127.0.0.1", "my_user", "my_password", "my_db");
if(!$db) {
echo "ERROR connecting to my_db";
return false;
}
// sanitize
$username = filter_var($_SESSION['USER'], FILTER_SANITIZE_STRING);
$password = filter_var($_SESSION['PASS'], FILTER_SANITIZE_STRING);
$query = "
SELECT
`account`.`id`,
`account`.`status`
FROM `account`.`account`
WHERE `account`.`login` = '".$username."'
AND `account`.`password`='".$password."'
";
$exec = mysqli_query($db, $query);
$row = mysqli_fetch_assoc($exec);
...
Have a look at the mysqli_querydocs.
This question already has answers here:
Can I mix MySQL APIs in PHP?
(4 answers)
Closed 7 years ago.
When I execute the following code, I gets this error:
Warning: mysql_num_rows() expects parameter 1 to be resource, object given in C:\wamp\www\my\myWork.php on line 53
Whats the wrong with this code?
<?php
if(isset($_POST['login']))
{
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "Begin";
$uName = $_POST["txtUsername"];
$uPwd = $_POST["txtPwd"];
echo "Your Username is: ".$uName."<br>";
echo "Your password is: ".$uPwd."<br>";
$conn = mysqli_connect($servername, $username, $password, $dbname);
if(!$conn)
die("Connection faild: " . mysqli_connect_error());
$sql = "SELECT firstname from myguests WHERE firstname = '$uName'";
$result = $conn->query($sql);
if(mysql_num_rows($result) > 0)
{
echo "You have a login";
$_SESSION['uname'] = $uName;
}
else
echo "You don't have a login";
}
?>
I believe that because you are using mysqli_connect that you need to use the mysqli_query($conn,$sql) notation.
Try this:
$result = mysqli_query($conn,$sql)
if(mysqli_num_rows($result) > 0)
This question already has answers here:
Can I mix MySQL APIs in PHP?
(4 answers)
Closed 1 year ago.
$servername = "localhost";
$username = "csc4370FA14_18";
$password = "1db23";
$dbname = "csc4370FA14_18";
$conn = mysqli_connect($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$username_login = $_POST["username"];
$password_login = $_POST["pw"];
$query2 = mysql_query("SELECT * FROM users WHERE name='$username_login'");
$numrow = mysql_num_rows($query2);
if ($numrow != 0) {
while ($row = mysql_fetch_assoc($query2)) {
$dbusername = $row['name'];
$dbpassword = $row['password'];
}
// Check to see if username and password match
if ($username_login==$dbusername && $password_login==$dbpassword) {
echo "You are in";
}
else {
echo "Sorry $username_login. Incorrect password!";
}
}
This is the code I am using to check if a user matches the password (same row) in a table.
I am getting the error:
Warning: mysql_query(): Access denied for user 'apache'#'localhost'
(using password: NO) in
/home/csc4370FA14_18/public_html/program/assignments/group
project3/login.php on line 14 Warning: mysql_query(): A link to the
server could not be established in
/home/csc4370FA14_18/public_html/program/assignments/group
project3/login.php on line 14 Warning: mysql_num_rows() expects
parameter 1 to be resource, boolean given in
/home/csc4370FA14_18/public_html/program/assignments/group
project3/login.php on line 15
I have not a clue why this might be incorrect as the login credentials, etc work fine. I think it has something to do with mysqli, but I don't have a very good grasp of this versus the mysql_* functions. I know for a fact this is the correct connect info.
Try this code.
$servername = "localhost";
$username = "csc4370FA14_18";
$password = "1db23";
$dbname = "csc4370FA14_18";
$conn = mysqli_connect($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$username_login = $_POST["username"];
$password_login = $_POST["pw"];
$query2 = mysqli_query($conn,"SELECT * FROM users WHERE name='$username_login'");
$numrow = mysqli_num_rows($query2);
if ($numrow != 0) {
while ($row = mysqli_fetch_assoc($query2)) {
$dbusername = $row['name'];
$dbpassword = $row['password'];
}
// Check to see if username and password match
if ($username_login==$dbusername && $password_login==$dbpassword) {
echo "You are in";
}
else {
echo "Sorry $username_login. Incorrect password!";
}
}