0

I get a lot of errors like: mysqli_real_escape_string() expects parameter 1 to be mysqli, boolean given

The errors are that the mysqli_real_escape_string() expects 2 parameters but there is only 1 item that needs to be updated.

The issue is here:

$updatequery = "
    UPDATE
        as_comprofiler
    SET
        cb_empstatustime = '".time()."'
        , cb_profiel = '".mysqli_real_escape_string($value->profile->nickname)."'
        , cb_empstatus = '".mysqli_real_escape_string($cb_empstatus)."'
        , cb_taal = '".mysqli_real_escape_string($talen)."'
        , cb_sms = '".mysqli_real_escape_string($sms)."'
    WHERE
        cb_boxnr = '".mysqli_real_escape_string($value->boxnumber)."'
    ";

and the complete part of the page:

// elke ***
foreach ($xml->consultant as $value) {

    // $cb_empstatus vullen a.d.h.v activated en callstatus
    if ($value->activated == 0) {
        $cb_empstatus = 'Afwezig';
    } elseif ($value->activated == 1) {
        if ($value->callstatus == 0) {
            $cb_empstatus = 'Beschikbaar';
        } elseif ($value->callstatus == 1) {
            $cb_empstatus = 'Bezet';
        } elseif ($value->callstatus == 2) {
            $cb_empstatus = 'Pauze';
        }
    }

    // lege variabele aanmaken
    $talen = '';
    $sep = '';

    foreach ($value->languages->language as $taal) {
        $talen .= $sep;
        $talen .= $taal;
        $sep = '|*|';
    }

    // sms code omzetten naar tekst
    if ($value->smsavailable == 1) {
        $sms = 'Ja';
    } else {
        $sms = 'Nee';
    }

    // de update query
    $updatequery = "
        UPDATE
            as_comprofiler
        SET
            cb_empstatustime = '".time()."'
            , cb_profiel = '".mysqli_real_escape_string($value->profile->nickname)."'
            , cb_empstatus = '".mysqli_real_escape_string($cb_empstatus)."'
            , cb_taal = '".mysqli_real_escape_string($talen)."'
            , cb_sms = '".mysqli_real_escape_string($sms)."'
        WHERE
            cb_boxnr = '".mysqli_real_escape_string($value->boxnumber)."'
        ";

    if (mysqli_query($updatequery) == false) {
        // foutmelding
        echo 'Niet uitgevoerd:<br>'.$updatequery.'<br><br>';
    }

Some one an idea?

Dharman
  • 30,962
  • 25
  • 85
  • 135
Wier Rookje
  • 1
  • 1
  • 2
  • 1
    Pass DB connection to it. [`mysqli_real_escape_string($link, $escapestr)`](http://php.net/manual/en/mysqli.real-escape-string.php) - You also need to pass DB connection to your queries. – Funk Forty Niner Aug 20 '14 at 19:10
  • mysqli_real_escape_string() expects parameter 1 to be mysqli, boolean given . this is because, your query returned no search result, yet you tried to fetch results from it. – rahulmishra Aug 20 '14 at 19:14
  • See the documentation here http://php.net/manual/en/mysqli.real-escape-string.php – rahulmishra Aug 20 '14 at 19:15
  • i have also tried it like: '// connect naar database $connection = mysqli_connect($host,$user,$pass); if (!$connection) { die("Database connection failed: " . mysqli_error()); } // selecteer database $db_select = mysqli_select_db($connection,$dbas); if (!$db_select) { die("Database selection failed: " . mysqli_error()); }' and then: 'changed to: cb_profiel = '".mysqli_real_escape_string($db_select,$value->profile->nickname)."' ' but the error is the same – Wier Rookje Aug 20 '14 at 19:18

1 Answers1

0

You have to add mysqli connector as 1st parameter in mysqli_real_escape_string() function. And the string to be escaped set as 2nd parameter.

<?php
// Let's suppose this is your mysqli connector
$mysqli = mysqli_connect("localhost", "user", "password", "database");

// Then your code should looks like this:
$updatequery = "
    UPDATE
        as_comprofiler
    SET
        cb_empstatustime = '".time()."'
        , cb_profiel = '".mysqli_real_escape_string($mysqli, $value->profile->nickname)."'
        , cb_empstatus = '".mysqli_real_escape_string($mysqli, $cb_empstatus)."'
        , cb_taal = '".mysqli_real_escape_string($mysqli, $talen)."'
        , cb_sms = '".mysqli_real_escape_string($mysqli, $sms)."'
    WHERE
        cb_boxnr = '".mysqli_real_escape_string($mysqli, $value->boxnumber)."'
    "; 
?>

The documentation of mysqli_real_escape_string says it exactly:

mysqli_real_escape_string(mysqli $mysql, string $string): string

Which means that:

  1. First parameter has to be a mysqli object returned by mysqli_connect() or mysqli_init()
  2. Second parameter has to be the string to be escaped.
Martin Ille
  • 6,747
  • 9
  • 44
  • 63