mysqli_real_escape_string()恰好需要2个参数,其中1个给定致命错误 [英] mysqli_real_escape_string() expects exactly 2 parameters, 1 given Fatal Error
问题描述
我一直收到此错误,并且在解决该问题时遇到了问题,在PHP中不好,因为仍在学习中.我正在使用注册表,正在使用PHP 5.6.我已经查看了有关较旧问题的其他答案,但没有成功.
I keep getting this errors and I am having problems fixing that, am not good in PHP because am still learning. I am working on a registration form and am using PHP 5.6. I have looked at other answers on older questions but I haven't succeeded.
这是我的代码:
<?php
session_start();
if (isset($_SESSION['user']) != "") {
header("Location: index.html");
}
include_once 'dbconnect.php';
if (isset($_POST['signup'])) {
$fname = mysqli_real_escape_string($_POST['fullname']);
$tphone = mysqli_real_escape_string($_POST['telephone']);
$uemail = mysqli_real_escape_string($_POST['email']);
$urole = mysqli_real_escape_string($_POST['role']);
$upass = md5(mysqli_real_escape_string($_POST['upass']));
$uname = trim($uname);
$tphone = trim($tphone);
$email = trim($email);
$urole = trim($role);
$upass = trim($upass);
// email exist or not
$query = "SELECT email FROM users WHERE email='$uemail'";
$result = mysqli_query($query);
$count = mysqli_num_rows($result); // if email not found then register
if ($count == 0) {
if (mysqli_query("INSERT INTO users(firstname,telephone,email,role,pass) VALUES('$fname','$tphone','$uemail','$urole',$upass')")) {
?>
<script>alert('successfully registered ');</script>
<?php
} else {
?>
<script>alert('error while registering you...');</script>
<?php
}
} else {
?>
<script>alert('Sorry Email ID already taken ...');</script>
<?php
}
}
?>
我一直遇到的错误是:
警告:mysqli_real_escape_string()恰好需要2个参数,第12行的C:\ Apache24 \ htdocs \ Timewise \ landing \ login.php中给出了1个参数
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\Apache24\htdocs\Timewise\landing\login.php on line 12
警告:mysqli_real_escape_string()恰好需要2个参数,第13行的C:\ Apache24 \ htdocs \ Timewise \ landing \ login.php中给出了1个参数
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\Apache24\htdocs\Timewise\landing\login.php on line 13
警告:mysqli_query()至少需要2个参数,第18行的C:\ Apache24 \ htdocs \ Timewise \ landing \ login.php中给出1个参数
Warning: mysqli_query() expects at least 2 parameters, 1 given in C:\Apache24\htdocs\Timewise\landing\login.php on line 18
警告:mysqli_fetch_array()期望参数1为mysqli_result,在第19行的C:\ Apache24 \ htdocs \ Timewise \ landing \ login.php中给出空值
Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, null given in C:\Apache24\htdocs\Timewise\landing\login.php on line 19
警告:mysqli_num_rows()期望参数1为mysqli_result,在第21行的C:\ Apache24 \ htdocs \ Timewise \ landing \ login.php中给出空值
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in C:\Apache24\htdocs\Timewise\landing\login.php on line 21
能不能帮我这个忙,我需要知道我应该如何实际解决这个问题.
Can you please help me on this, I need to know how I should fix this practically.
推荐答案
要从技术上回答此问题,根据手册,这两个函数都需要传递db连接并作为第一个参数:
To technically answer this, both of these functions require a db connection be passed and as the first parameter, as per the manuals:
- http://php.net/manual/en/mysqli.query.php
- http://php.net/manual/en/mysqli.real-escape-string.php
然后在注释中指出您正在使用PDO进行连接.
Then in comments you state that you are using PDO to connect with.
那些不同的MySQL API不会相互混合.从连接到查询,您需要使用相同的内容.因此,如果要继续使用PDO连接,则需要使用PDO函数而不是使用mysqli_*
进行查询.
Those different MySQL APIs do not intermix. You need to use the same one from connecting to querying. Therefore, if you want to continue to use a PDO connection, you will need to use the PDO functions to query with and not mysqli_*
.
- 从手册开始: http://php.net/manual/zh/book.pdo.php 都在那里.
- Start with the manual: http://php.net/manual/en/book.pdo.php it's all in there.
对于PDO准备的语句:
And for PDO prepared statements:
还要检查错误:
- http://php.net/manual/en/pdo.error -handling.php (PDO)
- http://php.net/manual/en/function.error -reporting.php (PHP)
- http://php.net/manual/en/pdo.error-handling.php (PDO)
- http://php.net/manual/en/function.error-reporting.php (PHP)
密码
我还注意到您打算存储密码MD5.不建议使用此方法,因为它不再被视为安全的密码存储功能.
I also noticed that you are attemtpting to store passwords MD5. This is not recommended as it is no longer considered safe to use as a password storing function.
- 如果您打算与此直播, 不要.
使用以下之一:
- CRYPT_BLOWFISH
-
crypt()
-
bcrypt()
-
scrypt()
- > 在OPENWALL上
- > PBKDF2
- PHP.net上的PBKDF2
- PHP 5.5的
password_hash()
函数. - 兼容性包(如果PHP< 5.5) https://github.com/ircmaxell/password_compat/
- CRYPT_BLOWFISH
crypt()
bcrypt()
scrypt()
- On OPENWALL
- PBKDF2
- PBKDF2 on PHP.net
- PHP 5.5's
password_hash()
function. - Compatibility pack (if PHP < 5.5) https://github.com/ircmaxell/password_compat/
其他链接:
有关列长的重要旁注:
如果并且当您决定使用password_hash()
或crypt时,请务必注意,如果当前密码列的长度小于60,则需要将其更改为该长度(或更大).手册建议长度为255.
If and when you do decide to use password_hash()
or crypt, it is important to note that if your present password column's length is anything lower than 60, it will need to be changed to that (or higher). The manual suggests a length of 255.
您将需要更改列的长度,并以新的哈希值重新开始,以使其生效.否则,MySQL将静默失败.
You will need to ALTER your column's length and start over with a new hash in order for it to take effect. Otherwise, MySQL will fail silently.
我也说过:
if (isset($_SESSION['user']) != "")
将给您一个假阳性.
语法为:if isset AND equals to
,而不是if isset equals to
,这就是目前的解释.
The syntax is: if isset AND equals to
, and not if isset equals to
which is what it is presently being interpreted as.
使用:
if (isset($_SESSION['user']) && $_SESSION['user'] != "")
关于您的POST阵列.
In regards to your POST arrays.
确保您使用的HTML表单确实使用POST方法,并且所有元素都具有各自的名称属性.
Make sure the HTML form you are using does use a POST method and that all elements hold their respective name attributes.
即:<input type="text" name="fullname">
等
请注意,name="fullname"
和name="FullName"
是两种不同的动物.
Note that name="fullname"
and name="FullName"
are two different animals.
- 区分大小写.
还建议在每个标头后添加exit;
,否则您的代码可能要继续执行.
It is also suggested to add exit;
after each header, otherwise your code may want to continue to execute.
header("Location: index.html");
exit;
这篇关于mysqli_real_escape_string()恰好需要2个参数,其中1个给定致命错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!