require("includes/connect.php");
$result = mysql_query("SELECT * FROM entries", $link);
while ($row = mysql_fetch_array($result)) {
htmlentities($row['quotes']);
}
I am trying to display data that is in the database, but I keep on getting:
Warning: mysql_real_escape_string() expects parameter 1 to be string
Is there anything wrong in the above code that is causing the problem? I am quite new to PHP and I am trying to understand what's going on and why it's doing it.
connect.php
$link = mysql_connect("localhost", "root", "");
if (!$link) {
die("Could not connect to the db");
}
mysql_select_db("ENTRIES", $link);
(I'm working on this locally, so user/pass really isn't important right now)
I don't see the point with escaping the above query, but you could do it like this:
$result = mysql_query(mysql_real_escape_string("SELECT * FROM entries"), $link);
You should read the documentation: mysql_real_escape_string()
As the error explains mysql_real_escape_string() takes a string as a parameter. In your code you posted as a comment you are passing $link which isn't a string, it's a database connection.
As #kristen, has said to solution should be to wrap you sql statement like so
$result = mysql_query(mysql_real_escape_string("SELECT * FROM entries"), $link);
If you are still receiving the error after this, you must be using the function elsewhere.
Related
So here's the problem, the script I purchase is written on PHP 5.x, and I'm using xampp with PHP7.x installed for development. Now I want to migrate my script to PHP7.x. Now I know this was asked a million times already but do you mind if you could take a look at my code and give your thoughts about it, or simply share your knowledge. I would deeply appreciate it.
Here is the code for my config.php
<?php
// mySQL information
$server = 'localhost'; // MySql server
$username = 'admin'; // MySql Username
$password = 'admin' ; // MySql Password
$database = 'arcade'; // MySql Database
// The following should not be edited
error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE);
$con = mysql_connect($server, $username, $password);
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db($database, $con);
// Get settings
if (!isset($install)) {
$sql = mysql_query("SELECT * FROM ava_settings");
while ($get_setting = mysql_fetch_array($sql)) {
$setting[$get_setting['name']] = $get_setting['value'];
}
}
?>
The deprecated functions are:
mysql_connect()
mysql_error()
mysql_fetch_array()
mysql_query()
mysql_select_db()
Now, I don't want to use the PDO approach, I want to use mysqli instead. Am I suppose to just replace the mysql_* into mysqli_*? So it will become like these? I don't want to hide/surpress the deprecate warnings.
mysqli_connect()
mysqli_error()
mysqli_fetch_array()
mysqli_query()
mysqli_select_db()
I just offer you that migrate to PDO driver. Because every update you may see a lot of deprecation errors.
But if you can not do it the first thing to do would probably be to replace every mysql_* function call with its equivalent mysqli_*, at least if you are willing to use the procedural API -- which would be the easier way, considering you already have some code based on the MySQL API, which is a procedural one.
Note that, for some functions, you may need to check the parameters carefully: Maybe there are some differences here and there -- but not that many, I'd say: both mysql and mysqli are based on the same library (libmysql ; at least for PHP <= 5.2)
Look at difference between mysqli and mysql:
$mysqli = mysqli_connect("example.com", "user", "password", "database");
$res = mysqli_query($mysqli, "SELECT ...");
$row = mysqli_fetch_assoc($res);
echo $row['_msg'];
$mysql = mysql_connect("example.com", "user", "password");
mysql_select_db("test");
$res = mysql_query("SELECT ...", $mysql);
$row = mysql_fetch_assoc($res);
echo $row['_msg'];
I am working on a login script with prepared statements in PHP procedural mysqli syntax. Here is my current code:
<?php
include "/ssincludes/functions.php";
$host = HOST;
$username = USER;
$password = PASSWORD;
$db_name = DATABASE;
$table = TABLEU;
//These includes and constants are fine I checked them all
$con = mysqli_connect($host, $username, $password, $db_name);
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$myusername='test';
$mypassword='password1';
$sql="SELECT * FROM $table WHERE user_name=? and password=?";
$result=mysqli_prepare($con, $sql);
mysqli_stmt_bind_param($result, 'ss', $myusername, $mypassword);
mysqli_execute($result);
mysqli_stmt_fetch($result);
$row_cnt = mysqli_num_rows($result);
echo $row_cnt;
?>
The error returned is: Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, object given
I thought I took out all instances of OO PHP in my script? Also I understand that this may mean my query is incorrect so I ran it on MySQL in the database and all seems to be fine there:
So I am lost as to what the problem could be. I read many similar posts (maybe I'm missing one that is exactly similar to mine) and none seem to handle the problem. I appreciate your time and help.
P.S. I understand the security issues with plain text passwords and using "password1". I plan to use better security practices as I build this but I just want to get prepared statements down first.
You should use
mysqli_stmt_execute
mysqli_stmt_num_rows
Instead of the mysqli_execute and mysqli_num_rows.
I have a a form that pulls data from a database(mysql to be specific) and echos the data into the value section of <input> tags. It doesn't seem to be working I have coded a view section of my website to do the same thing but from a different table in my database. I use the same code to make making changes easy and if another developer works on my site in the future. Anyway it doesn't seem to be working I'm not sure why though.
The full error I get:
Warning: mysqli_query() expects parameter 1 to be mysqli, null given in /home/caseol5/public_html/jj/admin/news_update.php on line 9
Here is line 9 that the error is referring to:
$result = mysqli_query($link,$sql);
I know that both of those function are not null as I did:
echo $link
echo $sql
before that line after I started feting the error and they both are not null.
Here is the full code segment:
$nid = $_GET['nid'];
include ("../sql/dbConnect.php");
$sql = "SELECT * FROM jj_news WHERE news_id = $nid";
echo "<p>The SQL Command: $sql </p>";
echo "<p>Link: $link </p>";
$result = mysqli_query($link,$sql);
if (!$result)
{
echo "<h1>You have encountered a problem with the update.</h1>";
die( "<h2>" . mysqli_error($link) . "</h2>") ;
}
$row = mysqli_fetch_array($result);
$ntitle = $row['news_title'];
$ntline = $row['news_titleline'];
$ndesc = $row['news_desc'];
$nother = $row['news_other'];
I have looked into mysqli_query and I can't find anything I'm missing. I have also tired breaking the code down (and running parts of it and it gives the same error. My guess is it something small that I missed. I've looked at other question on this site that do that are a little similar but none seem to help. I've been looking at this for a while now and need another pair of eyes.
Update
As requested the contents of my dbconnect.php file:
$hostname = "localhost";
$username = "caseol5_jjoes";
$database = "caseol5_jj_site";
$password = "password1";
$link = mysqli_connect($hostname, $username, $password, $database);
$link = mysqli_connect($hostname,$username,$password,$database) or die("Error " . mysqli_error($link));
if (!$link)
{
echo "We have a problem!";
}
As clearly stated in the error message, mysqli_querydocs expects the first parameter to be a mysqli resource. In your case, this parameter is called $link but it holds a null value. A proper mysqli resource is normally obtained from connecting with the database by making use of mysqli_connectdocs
I expect the ../sql/dbConnect.php file holds the logic to connect with the database. Verify whether the $link variable is indeed initialized there. If it's not there, try to find an occurrence of mysqli_connect - maybe the resource is set to a different variable.
Without knowing what exactly is in ../sql/dbConnect.php, your problem right now is that you do not have a valid mysqli resource to use for mysqli_query.
I ran this code and I got a Resource id #3 error where it should have showed the full movies table.
mysql_connect("localhost", "root", "password") or die(mysql_error());
mysql_select_db("treehouse_movie_db") or die(mysql_error());
$data = mysql_query("SELECT * FROM movies")
or die(mysql_error());
echo $data;
This is not an error Your query is getting executed and you are getting appropriate resource from mysql_query() as it should be returned.
To get the response you have to use mysql_fetch_array() or mysql_fetch_assoc()
mysql_connect("localhost", "root", "password") or die(mysql_error());
mysql_select_db("treehouse_movie_db") or die(mysql_error());
$data = mysql_query("SELECT * FROM movies")
or die(mysql_error());
while($row = mysql_fetch_assoc($data))
{
print_r($row);
}
SUGGESTION: mysql_* are no longer maintained .Try switching to mysqli_* or PDO
You're not getting an error, the MySQL API is just doing what you're asking it to: echoing the contents of $data, which is a MySQL query resource at this point. Extend the code to actually retrieve the results:
while($row = mysql_fetch_object($data))
var_dump($row);
And you'll see the output.
Note that the mysql_* API is deprecated since PHP 5.5 by the way.
Resourse id #3 means that the $data variable was used to open a resourse, it is not an error.
If you were to open another resourse, like a file, using:
$var=fopen('myfile','a+');
echo $var;
You would get Resourse id $4 as a result.
So to get the output you desire, you need to use a loop.
It is described in here.
This is the code I have, but I get this error when I try to get variable from the url: Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource
The URL variable DEVID is a long string of characters, numbers, dashes, and underscores. Any ideas on what is wrong?
<?php
$con = mysql_connect("server","username","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("database", $con);
$result = mysql_query("SELECT * FROM $user WHERE DEVID=$DEVID");
while($row = mysql_fetch_array($result))
{
if (($row["FN"]) == NULL){
echo '<meta http-equiv="refresh" content="1;url=../register/default.php?user=';
echo $_GET["user"];
echo '&DEVID=';
echo $_GET["DEVID"];
echo '">Please hold, we are taking you to the registration page.<br/><br/>';
}
}
mysql_close($con);
?>
If $DEVID is a VARCHAR field then you'll need single quotes around it in your SQL query:
SELECT * FROM $user WHERE DEVID='$DEVID'
Where is $DEVID being set before the query? You're not using PHP register_globals, and that's coming from a query-string variable are you? This is 2012! When are people going to stop using that?
Do the variables $user and $DEVID has values? Have they been initialized ?
Assuming that $user and $DEVID has been initailized the error is happening because mysql_query is returning false as the SQL query generates error when executed.
Moreover you should not use variables directly obtained from the URL. Clean the value for possible presence of single qoutes. Use mysql_real_esacape_string(). Replace the mysql_query line with the below to see the SQL error if it occurs.
$DEVID=mysql_real_escape_string($DEVID);
$result = mysql_query("SELECT * FROM $user WHERE DEVID='$DEVID'") or die(mysql_error());