0

It is giving me this warning: Warning: mysqli_query() expects parameter 1 to be mysqli, object given in /Applications/MAMP/htdocs/dashboard/pages/index.php on line 45

Warning: mysqli_error() expects parameter 1 to be mysqli, object given in /Applications/MAMP/htdocs/dashboard/pages/index.php on line 50

I'm trying to insert items into table called products. But somehow this error wont go way.

Can you please tell me what I did wrong? Thank you so much.

This is the dbconfig.php

<?php
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "products";
try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }
catch(PDOException $e)
    {
    echo "Connection failed: " . $e->getMessage();
    }

?>

This is the table enter image description here

This is the php code

<?php

require_once('dbconfig.php');
$upload_dir = 'uploads/';

if(isset($_POST['submit'])){
    $product_picture = $_FILES['product_picture']['name'];
    $imgTmp = $_FILES['product_picture']['tmp_name'];
    $imgSize = $_FILES['product_picture']['size'];
    $product_name = $_POST['product_name'];
    $product_number = $_POST['product_number'];

    $product_quantity = $_POST['product_quantity'];
    $product_price = $_POST['product_price'];
    $product_description = $_POST['product_description'];

    if(empty($product_name)){
        $errorMsg = 'Please input product name';
    }elseif(empty($product_number)){
        $errorMsg = 'Please input product number';
    }elseif(empty($product_quantity)){
        $errorMsg = 'Please input product quantity';
    }elseif(empty($product_price)){
        $errorMsg = 'Please input product price';
    }elseif(empty($product_description)){
        $errorMsg = 'Please input product description';
    }else{
        $imgExt = strtolower(pathinfo($product_picture, PATHINFO_EXTENSION));
        $allowExt = array('jepg', 'jpg', 'png', 'gif');
        $productPic = time().'_'.rand(1000,9999).'.'.$imgExt;
        if(in_array($imgExt, $allowExt)){
            if($imgSize < 5000000){
                move_uploaded_file($imgTmp,$upload_dir.$productPic);
            }else{
                $errorMsg = 'Image too large';
            }
        }else{
            $errorMsg = 'Please select a valid image';
        }
    }

    if(!isset($errorMsg)){
        $sql = "insert into products(product_picture, product_name, product_number, product_quantity, product_price, product_description)
                values('".$productPic."', '".$product_name."', '".$product_number."', '".$product_quantity."', '".$product_price."', '".$product_description."')";
        $result = mysqli_query($conn, $sql);
        if($result){
            $successMsg = 'New record added sucessfully';
            header('refresh:5;index.php');
        }else{
            $errorMsg = 'Error'.mysqli_error($conn);
        }
    }
}

?>

This is the form section

<form class="inputarea text-center" method="post" action="" enctype="multipart/form-data">
                            <p id="addProduct" class="addTitle">Add new product</p>
                            <input id="pName" class="inputs" type="text" placeholder="Name" name="product_name" >

                            <input id="choose" type = "file" name = "product_picture" />

                            <input id="pNumber" class="inputs" type="number" placeholder="Prodect No." name="product_number" >
                            <input id="pQuantity" class="inputs" type="text" placeholder="Quantity" name="product_quantity" >
                            <input id="pPrice" class="inputs" type="text" placeholder="Price" name="product_price" >
                            <textarea id="pDescription" class="inputs" placeholder="Description" name="product_description"></textarea>
                            <button id="confirmBut" type="submit" name="submit" class="btn btn-primary btn-lg center-block">Confirm</button>
                        </form>
Derek Fu
  • 35
  • 6
  • **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST` or `$_GET` data directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman Feb 10 '17 at 04:07
  • You're also slowly implementing your own ORM so before you go all-in on that approach, do take some time to look at off-the-shelf solutions like [Doctrine](http://www.doctrine-project.org/), [Propel](http://propelorm.org/), or [Eloquent](https://laravel.com/docs/5.3/eloquent) which do all of this and more with very little fuss. – tadman Feb 10 '17 at 04:08
  • You list the database connection file in the question as config.php but the name of the file you are requiring is dbconfig.php. Is that just a mistake in the question? – tjfo Feb 10 '17 at 04:14
  • sorry it is dbconfig.php, i typed here wrong – Derek Fu Feb 10 '17 at 04:17

1 Answers1

2

The code is mixing PDO and mysqli interfaces. And that won't work.

$conn = new PDO("...");

mysqli_query($conn, ... );

If we create a PDO connection, then we use PDO interface functions.

If we use mysqli_ functions, then we create a mysqli connection.

spencer7593
  • 106,611
  • 15
  • 112
  • 140
  • Wow, time to go to bed. Can't believe I missed that. PHP resource outlining differences: http://php.net/manual/en/mysqlinfo.api.choosing.php – tjfo Feb 10 '17 at 04:22