-7

I'm getting the following error:

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\wamp\www\PTT\login.php on line 28

Here's line 28:

$voornaam    = mysqli_real_escape_string($_POST['voornaam']);

Here's my code:

//Generate a key, print a form:
$key = sha1(microtime());
$_SESSION['csrf'] = $key;


if(isset($_POST['registreer'])){
$voornaam    = mysqli_real_escape_string($_POST['voornaam']);
$achternaam  = mysqli_real_escape_string($_POST['achternaam']);
$land    = mysqli_real_escape_string($_POST['land']);
$gebdate = mysqli_real_escape_string($_POST['year'].'-'.$_POST['month'].'-'.$_POST['day']);
$inlognaam   = mysqli_real_escape_string($_POST['inlognaam']);
$wachtwoord  = mysqli_real_escape_string($_POST['wachtwoord']);
$wachtwoord_nogmaals = mysqli_real_escape_string($_POST['wachtwoord_nogmaals']);
$wachtwoordmd5   = md5($wachtwoord);
$email   = mysqli_real_escape_string($_POST['email']);
$wereld  = mysqli_real_escape_string($_POST['wereld']);
$secondaccount = mysqli_real_escape_string($_POST['agreecheck']);
$schelden = mysqli_real_escape_string($_POST['agreecheck2']);

$ip  = $_SERVER['REMOTE_ADDR'];
$date = date("Y-m-d H:i:s");
$character = mysqli_real_escape_string($_POST['character']);
$referer     = mysqli_real_escape_string($_POST['referer']);
$check = mysqli_fetch_assoc(mysqli_query("SELECT `ip_aangemeld`, `aanmeld_datum` FROM `gebruikers` WHERE `ip_aangemeld`='".$ip."' ORDER BY `user_id` DESC"));
$registerdate = strtotime($check['aanmeld_datum']);
$current_time = strtotime(date('Y-m-d H:i:s'));
$countdown_time = 604800-($current_time-$registerdate);
The Codesee
  • 3,714
  • 5
  • 38
  • 78
Bradley Dale
  • 23
  • 1
  • 1
  • 7
  • check http://php.net/manual/en/mysqli.real-escape-string.php link, you should add "mysql $link" to this function – Majid Abbasi May 22 '16 at 15:02
  • What's the problem? When an error message says a function requires 2 arguments and that 1 was given, it means there is one required argument that is missing. `2-1=1`. – Arcesilas May 22 '16 at 15:03
  • Sorry, this is a very low quality question as it shows no effort in researching and fixing the error. Checking google or the php manual would have told you to add the variable, which holds the mysqli link ressource, to `mysqli_real_escape_string`. – Charlotte Dunois May 22 '16 at 15:07
  • Please start using Prepared, Parameterized Queries. http://stackoverflow.com/questions/16282103/php-mysqli-prevent-sql-injection http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Charlotte Dunois May 22 '16 at 15:10
  • That helped but a new issue approached – Bradley Dale May 22 '16 at 15:12
  • Notice: Undefined index: land in C:\wamp\www\PTT\login.php on line 30 $land = mysqli_real_escape_string($connection, $_POST['land']); – Bradley Dale May 22 '16 at 15:12
  • Then see this: http://stackoverflow.com/questions/4261133/php-notice-undefined-variable-and-notice-undefined-index – Qirel May 22 '16 at 15:15
  • I honestly have to say I see no reason why this post has been downvoted 7 times. I left you an upvote :) – The Codesee May 22 '16 at 15:28

3 Answers3

2

like the warning says: you are missing an argument in mysqli_real_escape_string, you should add your db connection as an argument:

    $voornaam    = mysqli_real_escape_string($connection, $_POST['voornaam']);
AnatPort
  • 748
  • 8
  • 20
2

Escaping with mysql_real_escape_string is inadequate in preventing SQL injection Attacks, use prepared statements instead.

You need to add the mysqli connection link identifier as the first parameter:

$voornaam = mysqli_real_escape_string($con, $_POST['voornaam']);

Note: replace $con with your database variable.

The Codesee
  • 3,714
  • 5
  • 38
  • 78
-1

You need to pass your connection variable as one of the two variables of the mysqli_real_escape_string function Eg.

$a = mysqli_real_escape_string($conn, $_POST['a']);
Daniel Walker
  • 6,380
  • 5
  • 22
  • 45
Evans Edosa
  • 1
  • 2