Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given... what I do wrong?
You are mixing mysqli
and mysql
function.
If your are using mysql function then instead mysqli_real_escape_string($your_variable);
use
$username = mysql_real_escape_string($_POST['username']);
$pass = mysql_real_escape_string($_POST['pass']);
$pass1 = mysql_real_escape_string($_POST['pass1']);
$email = mysql_real_escape_string($_POST['email']);
If your using mysqli_* function then you have to include your connection to database into mysqli_real_escape function :
$username = mysqli_real_escape_string($your_connection, $_POST['username']);
$pass = mysqli_real_escape_string($your_connection, $_POST['pass']);
$pass1 = mysqli_real_escape_string($your_connection, $_POST['pass1']);
$email = mysqli_real_escape_string($your_connection, $_POST['email']);
Note : Use mysqli_* function since mysql has been deprecated. For information please read mysqli_*
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in
like the warning says: you are missing an argument in mysqli_real_escape_string, you should add your db connection as an argument:
$voornaam = mysqli_real_escape_string($connection, $_POST['voornaam']);
mysqli_real_escape_string() expects exactly 2 parameters, 1 given
Documentation says it needs two parameters:
string mysqli_real_escape_string ( mysqli $link , string $escapestr )
The first one is a link for a mysqli instance, the second one is the string to escape.
Php 5.4 to 7.1 : Mysqli_real_escape_string() 2 parameters, 1 given in
magic_quotes_gpc is deprecated as of PHP 5.3 and removed as of PHP 5.4 ... so your check here is useless ... And keep in mind that your connection string isn't visible inside the function, You'll either have to accept it as an argument or use global keyword which isn't a good solution.
Accepting as an arugment:
function cG($con, $name){
$name=mysqli_real_escape_string($con, $_GET[$name]);
return $name;
}
cG($con, 'something');
or using global keyword:
function cG($name){
global $con;
$name=mysqli_real_escape_string($con, $_GET[$name]);
return $name;
}
mysqli_real_escape_string() expects exactly 2 parameters, 1 given Fatal Error
To technically answer this, both of these functions require a db connection be passed and as the first parameter, as per the manuals:
- http://php.net/manual/en/mysqli.query.php
- http://php.net/manual/en/mysqli.real-escape-string.php
Then in comments you state that you are using PDO to connect with.
Those different MySQL APIs do not intermix. You need to use the same one from connecting to querying. Therefore, if you want to continue to use a PDO connection, you will need to use the PDO functions to query with and not mysqli_*
.
- Start with the manual: http://php.net/manual/en/book.pdo.php it's all in there.
And for PDO prepared statements:
- http://php.net/pdo.prepared-statements
Check for errors also:
- http://php.net/manual/en/pdo.error-handling.php (PDO)
- http://php.net/manual/en/function.error-reporting.php (PHP)
Passwords
I also noticed that you are attemtpting to store passwords MD5. This is not recommended as it is no longer considered safe to use as a password storing function.
- If you are intending on going LIVE with this, don't.
Use one of the following:
- CRYPT_BLOWFISH
crypt()
bcrypt()
scrypt()
- On OPENWALL
- PBKDF2
- PBKDF2 on PHP.net
- PHP 5.5's
password_hash()
function. - Compatibility pack (if PHP < 5.5) https://github.com/ircmaxell/password_compat/
Other links:
- PBKDF2 For PHP
Important sidenote about column length:
If and when you do decide to use password_hash()
or crypt, it is important to note that if your present password column's length is anything lower than 60, it will need to be changed to that (or higher). The manual suggests a length of 255.
You will need to ALTER your column's length and start over with a new hash in order for it to take effect. Otherwise, MySQL will fail silently.
As I also stated:
if (isset($_SESSION['user']) != "")
will give you a false positive.
The syntax is: if isset AND equals to
, and not if isset equals to
which is what it is presently being interpreted as.
Use:
if (isset($_SESSION['user']) && $_SESSION['user'] != "")
In regards to your POST arrays.
Make sure the HTML form you are using does use a POST method and that all elements hold their respective name attributes.
I.e.: <input type="text" name="fullname">
etc.
Note that name="fullname"
and name="FullName"
are two different animals.
- Those are case-sensitive.
It is also suggested to add exit;
after each header, otherwise your code may want to continue to execute.
header("Location: index.html");
exit;
PHP Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in
You mentioned in a comment that you are using PHP 7.2, so you will have problems using any mysql_
function because this extension is deprecated since 5.5.
You should try using mysqli or PDO instead.
You showed in screenshot that you tried using mysqli_real_escape_string
function in line 147
which takes two parameters: 1- the mysqli connection, 2- the string to escape ($data
)
You did it like this: $data = mysqli_real_escape_string($_GLOBALS['$con'], $data);
You have two problems here with $_GLOBALS['$con']
it should be $GLOBALS['con']
: the GLOBALS variable without the underscore _
and the key without '$'.
So you should replace the line 147
with:
$data = mysqli_real_escape_string($GLOBALS['con'], $data);
Also I don't know if GLOBALS variable is the safest way to get variables!
Related Topics
How to Execute Two MySQL Queries as One in PHP/MySQL
PHP - Get Bool to Echo False When False
Sorting an Associative Array in PHP
How to Loop Through Two Arrays At Once
Where Does PHP'S Error Log Reside in Xampp
How Does True/False Work in PHP
Does $_Server['Http_X_Requested_With'] Exist in PHP or Not
How to Find the Mime Type of a File With PHP
Selecting Unique Values from a Column
SQL Injections in Adodb and General Website Security
How to Set HTML Value Attribute (With Spaces)
How to Select and Upload Multiple Files With HTML and PHP, Using Http Post
How to Increase the Execution Timeout in PHP
Sum Values of Multidimensional Array by Key Without Loop
How to Put Composite Keys in Models in Laravel 5
I Have an Array of Integers, How to Use Each One in a MySQL Query (In PHP)