24

I try make php login but I get this error: Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given, what I do wrong?

register.php

<!doctype html>
<html lang"fi">
<head>
<link rel="icon" type='image/png' href='images/logo.png'>
<title>
asd
</title>
<link href="css/styles.css" type="text/css" rel="stylesheet">
</head>
<body>
<!--reg alkaa-->
<form action="register.php" method="post">
<p><input type="text" name="username" placeholder="Username">
<p><input type="email" name="email" placeholder="Email">
<p><input type="password" name="pass" placeholder="Password">
<p><input type="password" name="pass1" placeholder="Password">
<p><input type="submit" name="submit" value="Register">
</form>
<?php

if(isset($_POST['submit']))
{
$username = mysqli_real_escape_string($_POST['username']);
$pass = mysqli_real_escape_string($_POST['pass']);
$pass1 = mysqli_real_escape_string($_POST['pass1']);
$email = mysqli_real_escape_string($_POST['email']);
if($username && $pass && $pass1 && $email)
{
if($pass==$pass1)
{
    $connect = mysql_connect("mysql.example.com","username","password");
    mysql_select_db("my_database");
    $query = mysql_query("INSERT INTO users VALUES('$username','$pass','$email');");
    echo "You have been registered.";
}
else
{
    echo "Password must match.";
}
}
else
{
echo "All fields are required.";
}
}
 ?>
<!--reg end-->
<Center>
<a href="index.php">
<h1>
asd
</h1>
</center>
<div id="main">
<h3>
 <div class="menu"> <a href="index.php">Etusivu</a> &bullet; 
 <a                                       </div>
</h3>
</div>
<div class="jonne"> 
</div>
<script src="javascript/jquery.js"></script>
</body>
</html>

I use 000webhost and this first time when I use mysql databases online.

Dharman
  • 30,962
  • 25
  • 85
  • 135
SuperTroll
  • 447
  • 1
  • 4
  • 15

11 Answers11

54

You are mixing mysqli and mysql function.

If your are using mysql function then instead mysqli_real_escape_string($your_variable); use

$username = mysql_real_escape_string($_POST['username']);
$pass = mysql_real_escape_string($_POST['pass']);
$pass1 = mysql_real_escape_string($_POST['pass1']);
$email = mysql_real_escape_string($_POST['email']);

If your using mysqli_* function then you have to include your connection to database into mysqli_real_escape function :

$username = mysqli_real_escape_string($your_connection, $_POST['username']);
$pass = mysqli_real_escape_string($your_connection, $_POST['pass']);
$pass1 = mysqli_real_escape_string($your_connection, $_POST['pass1']);
$email = mysqli_real_escape_string($your_connection, $_POST['email']);

Note : Use mysqli_* function since mysql has been deprecated. For information please read mysqli_*

BenMorel
  • 34,448
  • 50
  • 182
  • 322
Rakesh Shetty
  • 4,548
  • 7
  • 40
  • 79
3

From the documentation , the function mysqli_real_escape_string() has two parameters.

string mysqli_real_escape_string ( mysqli $link , string $escapestr ).

The first one is a link for a mysqli instance (database connection object), the second one is the string to escape. So your code should be like :

$username = mysqli_real_escape_string($yourconnectionobject,$_POST['username']);
Jenz
  • 8,280
  • 7
  • 44
  • 77
1

mysqli_real_escape_string function requires the connection to your database.

$username = mysqli_real_escape_string($your_connection, $_POST['username']);

P.S.: Do not mix mysql_ functions* and mysqli_ functions*. Please use mysqli_* functions or PDO because mysql_* functions are deprecated and will be removed in the future.

John Robertson
  • 1,486
  • 13
  • 16
1

you are mixing mysql and mysqli

use this mysql_real_escape_string like

$username = mysql_real_escape_string($_POST['username']);

NOTE : mysql_* is deprecated use mysqli_* or PDO

Satish Sharma
  • 9,547
  • 6
  • 29
  • 51
1

If you use the procedural style, you have to provide both a connection and a string:

$name = mysqli_real_escape_string($conn, $name);

Only the object oriented version can be done with just a string:

$name = $link->real_escape_string($name);

The documentation should hopefully make this clear.

paxdiablo
  • 854,327
  • 234
  • 1,573
  • 1,953
1

The following works perfectly:-

if(isset($_POST['signup'])){
$username=mysqli_real_escape_string($connect,$_POST['username']);
$email=mysqli_real_escape_string($connect,$_POST['email']);
$pass1=mysqli_real_escape_string($connect,$_POST['pass1']);
$pass2=mysqli_real_escape_string($connect,$_POST['pass2']);

Now, the $connect is my variable containing my connection to the database. You only left out the connection variable. Include it and it shall work perfectly.

Ginaro Maina
  • 11
  • 1
0

pass $connect as your first parameter in mysqli_real_escape_string for this first make connection then do rest.read here http://php.net/manual/en/mysqli.real-escape-string.php

Suchit kumar
  • 11,809
  • 3
  • 22
  • 44
0

Use this way instead of your way. 

    addslashes(trim($_POST['username']));
max3000
  • 19
  • 6
0

There is slight change in mysql_real_escape_string mysqli_real_escape_string. below syntax

mysql_real_escape_string syntax will be mysql_real_escape_string($_POST['sample_var'])

mysqli_real_escape_string syntax will be mysqli_real_escape_string($conn,$_POST['sample_var'])

raghavendra
  • 69
  • 4
-1

Replace your query with the following: 

$query = mysql_query("INSERT INTO users VALUES('$username','$pass','$email')", `$Connect`);
Ethic Or Logics
  • 111
  • 1
  • 13
-2

use mysql_real_escape_string() instead of mysqli_real_escape_string()

like so:

$username = mysql_real_escape_string($_POST['username']);
ahmed hamdy
  • 5,096
  • 1
  • 47
  • 58
Obi Ik
  • 159
  • 2
  • 9