Warning: mysqli_query() expects parameter 2 to be string, object given

Question

Can anyone help me with this error:

Warning: mysqli_query() expects parameter 2 to be string, object given .. on line 25.

<?php 
session_start();
include('includes/dbcon.php');

$query = mysqli_query($con, "SELECT * FROM reservation WHERE r_date='".$date."'

if (!mysqli_query($con,$query))  
{
$query = mysqli_query($con, "SELECT * FROM combo where combo_id=1");
$row=mysqli_fetch_array($query);
$price=$row['combo_price'];
$payable=$pax*$price;

test the var $query, not the mysqli_query operation in the `if` statement — crunchy, Jun 25 '19 at 19:43
You seem to have missing quotes and a `;` as well as repeatedly running `mysqli_query` — Nigel Ren, Jun 25 '19 at 19:44
I assume you meant "Warning" not "Warring" - two copy/paste errors. — halfer, Jun 25 '19 at 20:30

score 0 · Answer 1 · answered Jun 25 '19 at 20:28

<?php 
session_start();
include('includes/dbcon.php');

// you're missing some syntax here.. 
// also your $query IS your query so it should be $query = "SELECT * FROM ";

$query = mysqli_query($con, "SELECT * FROM reservation WHERE r_date='".$date."'
// you don't need this above line.. it does it all right here...
if (!mysqli_query($con,$query))  
{
$query = mysqli_query($con, "SELECT * FROM combo where combo_id=1");
$row=mysqli_fetch_array($query);
$price=$row['combo_price'];
$payable=$pax*$price;
// missing closing brackets. }

score 0 · Answer 2 · answered Jun 25 '19 at 22:54

Your code has multiple problems. Missing ;, repeated calls to mysqli_query, SQL injection and no error checking.

Instead of checking whether the query was successful with if enable exceptions at the top of your file. Use prepared statements, preferably in object-oriented way.

session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); //  this line enables exceptions
include 'includes/dbcon.php';

$stmt = $con->prepare('SELECT * FROM reservation WHERE r_date=?'); // ? is a placeholder for binding data
$stmt->bind_param('s', $date); // bind data to SQL statement as a string(s)
$stmt->execute();
$reservations = $stmt->get_result();

// if your SELECT found some record then loop on the result set fetching each row one by one
while ($row = $reservations->fetch_assoc()) {
    $combos = $con->query("SELECT * FROM combo where combo_id=1"); // if there is no data to be bound then we can use query
    $row = $combos->fetch_assoc(); // fetch the matching combo row
    $price = $row['combo_price'];
    $payable = $pax * $price;
}

Steve A. · Answer 3 · 2019-06-25T20:38:40.947

Your variable named query should only be your... query

$result = mysqli_query($con, "SELECT * FROM reservation WHERE r_date='".$date."'";

Also even if you think you will get back a record, function mysqli_fetch_array will always return an array. So you need to select the first item in the array and then the key or index.

$price = $row[0]['combo_price'];

Some code practices. Don't put everything inside your IF. Because if it fails $payable will be undefined and throw an error. Initialize it on top of your script. Also you need to store the return value of mysqli_query as you need to free the memory used for it.

mysqli_free_result($result);

Warning: mysqli_query() expects parameter 2 to be string, object given

3 Answers3