-1

I keep getting these errors and I am having problems fixing them; I am not good at PHP because I am still learning. I am working on a registration form and am using PHP 5.6. I have looked at other answers to older questions but I haven't succeeded.

Here is my code:

<?php
session_start();
if (isset($_SESSION['user']) != "") {
    header("Location: index.html");
}
include_once 'dbconnect.php';

if (isset($_POST['signup'])) {
    $fname  = mysqli_real_escape_string($_POST['fullname']);
    $tphone = mysqli_real_escape_string($_POST['telephone']);
    $uemail = mysqli_real_escape_string($_POST['email']);
    $urole  = mysqli_real_escape_string($_POST['role']);
    $upass  = md5(mysqli_real_escape_string($_POST['upass']));
    
    $uname  = trim($uname);
    $tphone = trim($tphone);
    $email  = trim($email);
    $urole  = trim($role);
    $upass  = trim($upass);
    
    // email exist or not
    $query  = "SELECT email FROM users WHERE email='$uemail'";
    $result = mysqli_query($query);
    
    $count = mysqli_num_rows($result); // if email not found then register
    
    if ($count == 0) {
        
        if (mysqli_query("INSERT INTO users(firstname,telephone,email,role,pass) VALUES('$fname','$tphone','$uemail','$urole',$upass')")) {
?>
           <script>alert('successfully registered ');</script>
            <?php
        } else {
?>
           <script>alert('error while registering you...');</script>
            <?php
        }
    } else {
?>
           <script>alert('Sorry Email ID already taken ...');</script>
            <?php
    }
    
}
?> 

The errors I keep getting are:

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\Apache24\htdocs\Timewise\landing\login.php on line 12

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\Apache24\htdocs\Timewise\landing\login.php on line 13

Warning: mysqli_query() expects at least 2 parameters, 1 given in C:\Apache24\htdocs\Timewise\landing\login.php on line 18

Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, null given in C:\Apache24\htdocs\Timewise\landing\login.php on line 19

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in C:\Apache24\htdocs\Timewise\landing\login.php on line 21

Can you please help me with this? I need to know how I should fix this practically.

Dharman
john
  • 3
    DO RTM's http://php.net/manual/en/mysqli.real-escape-string.php - http://php.net/manual/en/mysqli.query.php - People don't Google anymore?! – Funk Forty Niner Feb 25 '16 at 17:16
  • 2
    `if (isset($_SESSION['user']) != "") {` Hmm, perhaps you should read the manual for `isset` too while you're at it. – Qirel Feb 25 '16 at 17:16
  • that will definitely give a false positive `if (isset($_SESSION['user']) != "")` - the syntax is: `if isset AND equals to`, and not `if isset equals to` – Funk Forty Niner Feb 25 '16 at 17:17
  • and if you plan on going live with md5, don't. A lot of water's gone under the bridge in 30+ years. Use `password_hash()`. – Funk Forty Niner Feb 25 '16 at 17:20
  • @Qirel so from what I am gathering from the mysqli_real_escape manual, I should put it like this: > string mysqli_real_escape_string ( mysqli $link , string $escapestr ) – john Feb 25 '16 at 17:20
  • It may not be clear to you from reading the docs, but the `mysqli_*()` functions like `mysqli_real_escape_string()` and `mysqli_query()` require as their first parameter the connection variable. Within dbconnect.php you have established a connection, probably in a variable like `$con` or `$db` or `$link`. You must pass it to those functions. – Michael Berkowski Feb 25 '16 at 17:21
  • For that matter, don't use `mysqli_real_escape_string()`, use prepared statements with bind variables – Mark Baker Feb 25 '16 at 17:21
  • Thanks @Fred-ii-, how is my code supposed to be? I need help on that – john Feb 25 '16 at 17:22
  • @MichaelBerkowski I have already set the db connection here is the code "setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); /*echo "Connected successfully";*/ } catch(PDOException $e) { echo "Connection failed: " . $e->getMessage(); } ?> " – john Feb 25 '16 at 17:24
  • right there ^ you can't mix APIs. you need to use the same one from connecting to querying. **PDO and mysqli_ = no love.** PDO+PDO= love. mysqli_ + mysqli_ = love – Funk Forty Niner Feb 25 '16 at 17:24
  • @Fred-ii- so if I used PDO in my dbconnect I should not use mysqli again, instead I should do PDO all the way? – john Feb 25 '16 at 17:27
  • @Fred-ii- I get it now – john Feb 25 '16 at 17:29
  • @RyanVincent yes there is, if I got another option or meant to understand why not to use it – john Feb 25 '16 at 17:38
  • @RyanVincent I have read here http://www.w3schools.com/php/php_mysql_connect.asp and now I am persuaded never to use mysqli – john Feb 25 '16 at 17:47

1 Answer

4

To technically answer this, both of these functions require a db connection to be passed as the first parameter, as per the manuals:

Then in comments you state that you are using PDO to connect with.

Those different MySQL APIs do not intermix. You need to use the same one from connecting to querying. Therefore, if you want to continue to use a PDO connection, you will need to use the PDO functions to query with and not mysqli_*.

And for PDO prepared statements:

Check for errors also:

Passwords

I also noticed that you are attempting to store passwords with MD5. This is not recommended as it is no longer considered safe to use as a password storing function.

  • If you are intending on going LIVE with this, don't.

Use one of the following:

Other links:

Important sidenote about column length:

If and when you do decide to use password_hash() or crypt, it is important to note that if your present password column's length is anything lower than 60, it will need to be changed to that (or higher). The manual suggests a length of 255.

You will need to ALTER your column's length and start over with a new hash in order for it to take effect. Otherwise, MySQL will fail silently.


As I also stated:

`if (isset($_SESSION['user']) != "")` will give you a false positive.

The syntax is: `if isset AND equals to`, and not `if isset equals to` which is what it is presently being interpreted as.

Use:

if (isset($_SESSION['user']) && $_SESSION['user'] != "")

In regards to your POST arrays.

Make sure the HTML form you are using does use a POST method and that all elements hold their respective name attributes.

I.e.: <input type="text" name="fullname"> etc.

Note that name="fullname" and name="FullName" are two different animals.

  • Those are case-sensitive.

It is also suggested to add exit; after each header, otherwise your code may want to continue to execute.

header("Location: index.html");
exit;
Community
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
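
The PDO-only signup flow the answer describes, as an added example that is not part of the original answer. It assumes `dbconnect.php` exposes its PDO connection as `$pdo` (a hypothetical name; the page never shows it), uses the `users` columns from the question's INSERT, and introduces a helper `post_field()` for illustration.

```php
<?php
// Assumption: dbconnect.php creates a PDO object named $pdo with
// PDO::ATTR_ERRMODE set to PDO::ERRMODE_EXCEPTION.
session_start();
if (isset($_SESSION['user']) && $_SESSION['user'] != "") {
    header("Location: index.html");
    exit; // stop here so the rest of the script does not run
}
include_once 'dbconnect.php';
// Hypothetical helper: one trimmed POST field, PHP 5.6 compatible.
function post_field($name)
{
    $ok = isset($_POST[$name]) && is_string($_POST[$name]);
    return $ok ? trim($_POST[$name]) : '';
}
$message = '';
if (isset($_POST['signup'])) {
    $fname  = post_field('fullname');
    $tphone = post_field('telephone');
    $uemail = post_field('email');
    $urole  = post_field('role');
    // The password is hashed as typed: no trimming, no escaping.
    $upass  = isset($_POST['upass']) ? (string) $_POST['upass'] : '';
    try {
        // Bound parameters replace mysqli_real_escape_string() entirely.
        $check = $pdo->prepare("SELECT email FROM users WHERE email = :email");
        $check->execute(array(':email' => $uemail));
        if ($check->fetch() !== false) {
            $message = 'Sorry Email ID already taken ...';
        } else {
            // The pass column must hold 60+ characters (255 suggested).
            $hash = password_hash($upass, PASSWORD_DEFAULT);
            $insert = $pdo->prepare(
                "INSERT INTO users (firstname, telephone, email, role, pass)
                 VALUES (:fname, :tphone, :email, :role, :pass)"
            );
            $insert->execute(array(':fname' => $fname, ':tphone' => $tphone,
                ':email' => $uemail, ':role' => $urole, ':pass' => $hash));
            $message = 'successfully registered ';
        }
    } catch (PDOException $e) {
        error_log($e->getMessage()); // details go to the log, not the page
        $message = 'error while registering you...';
    }
}
?>
<?php if ($message !== ''): ?>
<script>alert(<?php echo json_encode($message); ?>);</script>
<?php endif; ?>
```

A UNIQUE index on `users.email` is still worth having, since two simultaneous signups can both pass the SELECT check; with exception mode on, the second INSERT then lands in the `catch` block.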