2

I have an problem with my database connection and I really dont understand what I'm supposed to do. Anyone can help me?

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /customers/f/4/7/zebratv.se/httpd.www/classes/db.php on line 47 Fatal error: Call to a member function query() on null in /customers/f/4/7/zebratv.se/httpd.www/classes/db.php on line 61

<?php
class db
{

    public function __construct()
    {
        global $CONFIG;
        $mysqli = $CONFIG->get("database");
        $this->dbconn($mysqli["host"], $mysqli["username"], $mysqli["password"], $mysqli["database"]);

    }
    private function dbconn($mysqli_host, $mysqli_user, $mysqli_pass, $mysqli_db)
    {


        if (!($conn = new mysqli($mysqli_host, $mysqli_user, $mysqli_pass)))
        {
          switch (mysqli_errno($conn))
          {
            case 1040:
            case 2002:
                if ($_SERVER[REQUEST_METHOD] == "GET")
                    die("<html><head><meta http-equiv=refresh content=\"5 $_SERVER[REQUEST_URI]\"></head><body><table border=0 width=100% height=100%><tr><td><h3 align=center>The server load is very high at the moment. Retrying, please wait...</h3></td></tr></table></body></html>");
                else
                    die("Too many users. Please press the Refresh button in your browser to retry.");
            default:
                die("[" . mysqli_errno($conn) . "] dbconn: mysqli_connect: " . mysqli_error($conn));
          }
        }
        mysqli_select_db($conn, $mysqli_db)
            or die('dbconn:  mysqli_select_db: ' + mysqli_error($conn));

        usercontrol::userlogin();
    }
    public function sql_query($query)
    {    
        @++$_SESSION['totalqueries'];
        return $conn->query($query);
    }

    public function sanitize($var)
    {
        return($this->sqlesc((htmlspecialchars($var))));
    }
    function sqlesc($x) {
         return "'".mysqli_real_escape_string($x)."'";
    }
    public function sqlerr($file = '', $line = '')
    {
      print("<table border=0 bgcolor=blue align=left cellspacing=0 cellpadding=10 style='background: blue'>" .
        "<tr><td class=embedded><font color=white><h1>SQL Error</h1>\n" .
      "<b>" . mysqli_error() . ($file != '' && $line != '' ? "<p>in $file, line $line</p>" : "") . "</b></font></td></tr></table>");
      die;
    }
    public function get_row_count($table, $suffix = "")
    {
        if ($suffix)
            $suffix = " $suffix";
        $query = "SELECT COUNT(*) FROM ".$table."".$suffix;
        $r = $conn->query($query) or die(mysqli_error());
        $a = $conn->fetch_row($r) or die(mysqli_error());
        return $a[0];
    }

}
$DB = new db;
?>
Dharman
  • 30,962
  • 25
  • 85
  • 135
mrbluzka
  • 21
  • 1

2 Answers2

4

mysqli_real_escape_string function requires the database link as the first argument. So change

mysqli_real_escape_string($x)

with

mysqli_real_escape_string($conn, $x)
Mihai Matei
  • 24,166
  • 5
  • 32
  • 50
3

The problem is here:

function sqlesc($x) {
     return "'".mysqli_real_escape_string($x)."'";
}

The error is quite straightforward - you're only providing one parameter when you should be providing two. Here's the documentation of the function.

mysqli_real_excape_string() expects the first parameter to be the current mysqli connection and the second one to be the string:

mysqli_real_excape_string($conn,$x);

You will obviously need to pass that variable to the function first.

Andrius
  • 5,934
  • 20
  • 28
  • and now I got this. can you please help me? Call to a member function get() on null in /customers/f/4/7/zebratv.se/httpd.www/classes/db.php on line 8 and line 8 is $mysqli = $CONFIG->get("database"); – mrbluzka Nov 18 '15 at 09:37
  • `$CONFIG` is not defined. Where have you defined it? It's not in the code. – Andrius Nov 18 '15 at 09:41