We Keep Coding

PHP - how to store password_hash results in an array? [duplicate]

I got the warning:
Warning: mysqli_query() expects parameter 1 to be mysqli, string given in (...) on line 6
My code is here:
<?php
require_once 'conn.php';
$sql = "SELECT user_id, access_lvl, name FROM cms_users ";
$result = mysqli_query($sql, $conn);

It's exactly as the error states as you're passing arguments to mysqli_query() incorrectly. Assuming $conn is your mysqli connection generated at some point by new mysqli() it should be:
$result = mysqli_query( $conn,$sql) or trigger_error(mysqli_error($conn)));
The way you were calling it you were passing a string, $sql as the first argument.

I was having this this problem but after swiping
$result = mysqli_query($sql, $conn) to $result = mysqli_query( $conn,$sql)
I manage to solve this error

I am 3 years too late but all you need to do is swap the parameters of mysqli_query()
$result = mysqli_query($conn, $sql)

I have the same error, although the $result = mysqli_query($conn, $sql) is the correct way around.
I var_dump() the $conn object and it is a set object at the time I run the query, but still returns a 'string given' error.
I was accessing the $conn object after being parsed into a function that I was using it with, in the same way I've done throughout the whole project without error.
Re-declaring the $conn object inside the function, instead of passing it into the function stopped the errors, although this behaviour doesn't occur anywhere else in my project. This isn't an ideal solution either.
To note: I'm using a .env for local development, which causes no issues and helps with deployment locally/remotely via .git.
After many hours, I honestly believe there is a PHP bug here, I'm using 7.3.0, but occurred in 7.2.5 as well as I'm definitely parsing it a db connection object, not a string.
Just posting this for information purposes, in case anyone else runs into it. Thanks.
PS. Passwords shouldn't be stored in the database in plain text and is a major security concern. If the author hasn't adjusted this yet (I know it's an old post), it's important to read:
Secure hash and salt for PHP passwords

Error accessing MySQL database with PHP object (nested queries)

I want to get some data from a Sphinx server and pass it to MySQL to execute some queries. I'm new to PHP so probably I'm missing something here. I've looked for similar questions but can't find anything so maybe you can help me.
The error is in the first while. I'm pretty sure it's due to the $rown variable but don't know the reason. (I've verified that I can retrieve data from the connections so it is passing the data where the error lies - could be the sql syntax of the query but that seems fine).
Edited the code thanks to the comments below, now I get the error: Warning: mysqli_fetch_object() expects parameter 1 to be mysqli_result, boolean given in C:\Apache24\htdocs\test3.php on line 20. This is because the query failed, I still suspect it is because $rown.
$sphinxcon = mysqli_connect...
$mysqlcon = mysqli_connect...
$query = "SELECT names FROM iproducts LIMIT 0,1000";
$raw_results= mysqli_query($sphinxcon, $query);
//Until here works ok, now I want to pass $raw_results to MySQL
while ($row = mysqli_fetch_object($raw_results)) {
$rown = $row->names;
$mquery = "SELECT text FROM claims WHERE EXISTS ($rown) LIMIT 0,1000";
$mysqlresults = mysqli_query($mysqlcon, $mquery);
while ($final = mysqli_fetch_object($mysqlresults)) //this is line 20
{
printf ("%s<br />", $final->text);
}
}
Thanks :)

Well $row contains an object, so would have to use it as such, maybe
$rown = (string)$row->names;
... assuming you want the variable to contain the 'names' attribute you just SELECTed from Sphinx index.
As for the mysql EXISTS(), no idea what you really doing here, seems confused. How you structured it currently suggests that 'names' attribute in sphinx contains a complete SELECT query, that mysql could execute for the exists condition. That seems unlikely.
Guessing you meaning to more normal query something like
$mquery = "SELECT text FROM claims WHERE text LIKE '%$rown%' LIMIT 0,1000";
But that is subject to SQL injection, particully if names might contain single quotes. SO should escape it. Perhaps
$rown = mysqli_real_escape_string($mysqlcon, $row->names);
But might be worth reading up on prepared queries.
btw, the 'Error' you getting, is because you creating an invalid query and not dealing with it. So $mysqlresults is FALSE.
$mysqlresults = mysqli_query($mysqlcon, $mquery) or die("Mysql Error: ".mysqli_error($link)."\n");

Cannot print data from MySQL Query with PHP

I am writing a PHP script that is supposed to interact with a MySQL database. On my local testing server, the code echos out what it is supposed to just fine, but in the live environment, I get an error saying Fatal error: Call to a member function fetch_array() on a non-object in [file path removed for security] on line 42. Here is my code from around line 42.
$query = "SELECT " . $data . " FROM mySchemaTable WHERE incrementId = " . $something;
$result = mysqli_query($conn,$query);
$row = $result->fetch_array(MYSQL_BOTH); // This line is 42.
echo $row['0'];
break;

I noticed a few problems with your code:
Firstly, you're mixing OOP and Procedural programming with MySQLi commands. Although PHP allows this, you'll want to make that uniform throughout. If you're using $conn = mysqli_connect(parameters here); you'll want to focus on procedural (change $result->fetch_array(MYSQLI_BOTH) to mysqli_fetch_array($conn, MYSQLI_BOTH); for instance). (I would assume you're doing this, so do this ^ change)
Else, if it's $conn = new mysqli(parameters); then you'll want to make it OOP based; instead of mysqli_query($sql); you'd use $conn->query($sql);, assuming $sql contains the query you want to run.
Secondly, echo $row['0']; should be echo $row[0]; unless the row you're returning is actually named 0, in which case disregard this.
Thirdly, and as a side note, it's a bad idea to directly insert variables into SQL queries, especially if they're user generated. You should look into sanitizing input or prepared statements to protect against SQL injection attacks.
Sanitizing Input Reference: What's the best method for sanitizing user input with PHP?
Prepared Statements: http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php

The problem was solved without my intervention. It turns out that my code was fine as it was, but something was wrong with my host's MySQL. It's fixed now, and everything is working again.

'Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in...' but my query is correct [duplicate]

This question already has answers here:
mysql_fetch_array()/mysql_fetch_assoc()/mysql_fetch_row()/mysql_num_rows etc... expects parameter 1 to be resource
(31 answers)
Closed 9 years ago.
Ok, so I know the question about 'why am I getting this warning with mysql_fetch_array...' has been asked several times, my problem is all the accepted answers state that the reasons the server is spitting this warning out is because the query itself is incorrect...this is not the case with me.
Here is the code below:
$dbhost = "host";
$dbuser = "user";
$dbpass = "pass";
$dbname= "db";
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname) or die ('<META HTTP-EQUIV="Refresh" CONTENT="0;URL=Failed.php?dberror=1">');
$token = mysql_escape_string($_GET['token']);
$query = "SELECT * FROM newuser WHERE token='$token'";
$result = mysql_query($query) or die(mysql_error());
while($row=mysql_fetch_array($result)) {
do stuff...
}
Everything within the 'while' statement is being executed just fine - it makes some changes to the DB which I can validate is happening. More importantly, the query never spits out any error details. I've tried testing for cases where $result===false and asking for error info but it won't return anything then either. From what I can tell, the query string is fine and is not failing.
What am I doing wrong here? Could there any other reason why PHP doesn't like my While parameters other than the SQL statement is bad (which again, I'm convinced it's not bad)?
Also, I know I should be using mysqli/PDO....I plan to switch over to that in the near future, but I'm pulling my hair out just trying to make this work and I have no idea why it won't. It's more of a personal thing at this point...
Thanks for your help, and let me know if you need any additional info. (PHP Version 5.3)
Here is an echo of the query string ($query):
SELECT * FROM newuser WHERE token='6e194f2db1223015f404e92d35265a1b'
And here is a var_dump of the query results ($result): resource(3) of type (mysql result)

$query = "SELECT * FROM newuser WHERE token='$token'";
$result = mysql_query($query) or die(mysql_error());
while($row=mysql_fetch_array($result)) {
do stuff...
}
If the die statement is not executed, $result is OK when you enter the while loop. The problem then is probably that you use $result for a query inside the loop as well, eventually leading to it being set to false.

So for now i can say that the problem is not the mysql_escape_string nether the using of mysql at all neither access privilege from user name and password and what i want to tell you is to test the $result and if it is a resource proceed with your while block like this
if(is_resource($result))
{
while($row = mysql_fetch_array($result))
{//process your code here}
}
and tell me if the code has been also executed :)

The query is not correct according to mysql_. The error you're receiving is telling you that $result is boolean (false).
Where is $token coming from? You best stop using mysql_ functions and use a prepared statement and a bound parameter.

your escape is wrong try this
$token = mysql_real_escape_string($_GET['token']);
instead of $token = mysql_escape_string($_GET['token']);
This extension is deprecated as of PHP 5.5.0, and will be removed in the future.
http://php.net/manual/en/function.mysql-real-escape-string.php

mysqli_num_rows() expects paramter though an earlier query on the same page works

I am getting an error when querying a table in my MySQL database. It's the standard one with mysqli_num_rows when there is no value in the variable that's being passed:
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in folder/file.php on line 29
Problem is I can't find the syntax error. I've looked at it a ton of times. Here's what my code is:
$sql_messages = "SELECT * FROM messages WHERE to='$userid'";
$result_messages = $mysqli->query($sql_messages);
$num_rows_messages = mysqli_num_rows($result_messages);
I tried a fetch array but that gave me the similar error. Nothing is getting passed into $result_messages I suppose. I echo'ed out $userid and that has a value and I've checked my database and there is a table 'messages' with a field 'to'. I'm connected to the right database because I have this code before this query:
$sql="SELECT * FROM users WHERE firstname='$firstname' && lastname='$lastname'";
$result = $mysqli->query($sql);
$row = mysqli_fetch_array($result);
And that works fine. It is the third query on the page, is there some sort of limit? Does anyone see a syntax error that I'm overlooking? Thanks, sorry if it's a small little error!

It's because $mysqli->query() returned boolean FALSE, which, according to the mysqli::query() docs, it does when an error happens. You can get more detail on the error by accessing $mysqli->errno and $mysqli->error.
I'm guessing that the root of the problem lies in the query which references a column called to, which is a MySQL reserved word. Try surrounding the word to in your query with backticks. Like this:
$sql_messages = "SELECT * FROM messages WHERE `to`='$userid'";
Really, though you should avoid naming columns and tables reserved words. Consider renaming the column if feasible.