Getting "Warning: mysql_query() expects parameter 1" in PHP script

Question

I am trying to learn PHP and MySQL by creating a small database and keep getting an error.

Warning: mysql_query() expects parameter 1 to be string, object given in F:\usbwebserver\root\headset\insert.php on line 14 Error:

Code:

<?php
$con=mysqli_connect("localhost","root","usbw","consoleheadsets");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
echo "connected succesfully.";

$sql="INSERT INTO headset (user, console, prodname, price, mic, sound, surround, comment)
VALUES
('$_POST[user]','$_POST[console]','$_POST[prodname]')','$_POST[price]','$_POST[mic]','$_POST[sound]','$_POST[surround]','$_POST[comment]')";

if (!mysql_query($con,$sql))
  {
  die('Error: ' . mysqli_error($con));
  }
echo "Headset added succesfully.";

mysqli_close($con);
?>

The code was taken from this page on W3Schools and I just added the fields I needed. I can insert data in phpMyAdmin - it seems to work not sure what length to use for price decimal.

Database table:

user,verchar 
console,verchar 
prodname,verchar 
price,decimal,(6.0) 
mic,verchar 
sound,verchar 
surround,verchar 
comment,verchar 
id,int(11),auto_increment,primary

Thanks for the reply.

You are mixing mysqli and mysql. They're entirely different APIs. Use one or the other. — deceze, Mar 13 '14 at 15:52
**Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) (as well as a modern one!) and should use (only) a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. — Quentin, Mar 13 '14 at 15:53
Read a better tutorial, and don't leave out the **i** in `mysqli` when copy and pasting. — mario, Mar 13 '14 at 15:53
Just so you know, you've likely acquired the downvotes as this is a popular question. A good trick when debugging an error is to search for the error, either here or in a search engine - which will get you your answer more quickly too! — halfer, Mar 13 '14 at 16:02

Awlad Liton · Accepted Answer · 2014-03-13T15:58:21.280

2

You have mixed up mysqli and mysql. All places you have used mysqli_* but in this line you have used mysql_* :

if (!mysql_query($con,$sql))

try this:

  if (!mysqli_query($con,$sql))
      {
      die('Error: ' . mysqli_error($con));
      }

You also need to use mysqli_real_escape_string() for each post data in your query like this:

mysqli_real_escape_string($con,$_POST['user']);

edited Mar 13 '14 at 15:58

answered Mar 13 '14 at 15:52

Awlad Liton

9,366
2
27
53

score 1 · Answer 2 · answered Mar 13 '14 at 15:53

You need to use mysqli query instead. Change:

if (!mysql_query($con,$sql))
  {
  die('Error: ' . mysqli_error($con));
  }

to

if (!mysqli_query($con,$sql))
  {
  die('Error: ' . mysqli_error($con));
  }

Here is a good tutorial if you are trying to learn. mysqli

score 0 · Answer 3 · answered Mar 13 '14 at 16:19

Try to Modify your code as following.

<?php
$con=mysqli_connect("localhost","root","usbw","consoleheadsets");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
else echo "connected succesfully.";

$sql="INSERT INTO headset (user, console, prodname, price, mic, sound, surround, comment)
VALUES
('$_POST['user']','$_POST['console']','$_POST['prodname]','$_POST['price']','$_POST['mic']','$_POST['sound']','$_POST['surround']','$_POST['comment']')";

if (mysqli_query($con,$sql))
  {

echo "Headset added succesfully.";
  }
else die('Error: ' . mysqli_error($con));

mysqli_close($con);
?>

use mysql_* or mysqli_* based on the php version.

Getting "Warning: mysql_query() expects parameter 1" in PHP script

3 Answers3