-1

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\xampp\htdocs\login2\login.php on line 28

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\xampp\htdocs\login2\login.php on line 29

Warning: mysqli_select_db() expects parameter 1 to be mysqli, string given in C:\xampp\htdocs\login2\login.php on line 31

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, string given in C:\xampp\htdocs\login2\login.php on line 35

Can anybody help me figure it out? here is my code below.

    <?php
    session_start(); // Starting Session
    $error=''; // Variable To Store Error Message
    if (isset($_POST['submit'])) {
    if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "server1";
// Create connection
$conn = new mysqli($servername, $username, $password,$dbname);

// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// To protect mysqli injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($username);
$password = mysqli_real_escape_string($password);
// Selecting Database
$db = mysqli_select_db("server1", $conn);
// SQL query to fetch information of registerd users and finds user    match.
$query = "select * from account where password='$password' AND username='$username'";
$result = mysqli_query($conn, $query) or trigger_error("Query Failed! SQL: $query - Error: ". mysqli_error($mysqli), E_USER_ERROR);;
$rows = mysqli_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: profile.php"); // Redirecting To Other Page
} else {
$error = "Username or Password is invalid";
}
mysqli_close($conn); // Closing Connection
}
}
?>
Dave
  • 3,073
  • 7
  • 20
  • 33
Raymart C. Lopez
  • 25
  • 5
  • `$db = mysqli_select_db("server1", $conn);` unnecessary line. and `$conn = mysqli($servername, $username, $password,$dbname);` don't mix prcedural approach to object-oriented approach – Alive to die - Anant Aug 13 '16 at 04:56
  • there is ;; in $query line 35. – Dave Aug 13 '16 at 04:56
  • 3
    All you need to do is look at the php manual pages for those functions. The errors are self explanatory. I can tell you to begin with that mysql_real_escape_string requires that you pass your database connection. It uses the client information to determine character set rules. You don't need to use that function, if you use bind parameters, which you should. – gview Aug 13 '16 at 04:57
  • did you read the error? –  Aug 13 '16 at 04:58

2 Answers2

2

You can use both procedural style or object oriented style. Since object oriented approach is more encouraged I'll show that.

...
$username = $conn->real_escape_string($username);
$password = $conn->real_escape_string($password);
...
$db = $conn->select_db("server1"); //redundant line
...
$result = $conn->query( $query)
$rows = $conn->num_rows($query);
...
$conn->close();

And all that was needed to solve this was checking the documentation properly http://php.net/docs.php

Ilaya Raja S
  • 415
  • 5
  • 18
0

Please check Syntax of mysqli_real_escape_string

You need to mention the $con variable as well:

$username = mysqli_real_escape_string($con, $username);
$password = mysqli_real_escape_string($con, $password);

Also, you're already specifying your database in this line:

$conn = new mysqli($servername, $username, $password,$dbname);

So, this below line is redundant. You should just remove this:

$db = mysqli_select_db("server1", $conn);
Indrasis Datta
  • 8,692
  • 2
  • 14
  • 32