Warning: mysqli_query () expects at least 2 parameters, 1 given in

Question

Warning: mysqli_query () expects at least 2 parameters, 1 given in

Navigation

#1 by (1 votes)

1

This is a login that re-calls itself executing the code that is found before the form. I have googled but I do not find help similar to mine. Osea with calls to the database of the type of this query:

 if (isset($_POST['submit'])) {
 $query = 'SELECT user_admin_level FROM usuarios WHERE ' 'user_usuario = "' . mysqli_real_escape_string($db, $usuario) . '" AND ' . 'user_password = PASSWORD("' . mysqli_real_escape_string($db, $password) . '")';
  $result = mysqli_query($query, $db) or die (mysqli_error($db));

11/14/2016 I AM MODIFIED TO:

    $query = 'SELECT user_admin_level FROM usuarios WHERE user_usuario = . (' . mysqli_real_escape_string($db,$usuario) . ') AND ' . 'user_password =(' .  mysqli_real_escape_string($db,$password) . ')';

I receive the following error:

Warning: mysqli_error () expects exactly 1 parameter, 2 given in /login.php on line 19

This is the code:

   <?php 
   session_start();
   include_once('../includes/db.inc.php');
   include_once('header.php');
   ?>

   <?php 
   if ($db = @new mysqli (HOSTNAME, MYSQLUSER, MYSQLPASS, MYSQLDB)){

   // filtrare i valori in entrata
   $usuario = (isset($_POST['user_usuario'])) ? trim($_POST['user_usuario']) : '';
   $password = (isset($_POST['user_password'])) ? $_POST['user_password'] : '';
   $redirect = (isset($_REQUEST['redirect'])) ? $_REQUEST['redirect'] : 'main.php';

   if (isset($_POST['submit'])) {

    //QUERY YA MODIFICADA GRACIAS A: alvaro-montoro
   $query = 'SELECT user_admin_level FROM usuarios WHERE user_usuario = . (' . mysqli_real_escape_string($db,$usuario) . ') AND ' . 'user_password =(' .  mysqli_real_escape_string($db,$password) . ')';

   $result = mysqli_query($db,$query) or die (mysqli_error($db,$query));

   if (mysql_num_rows($result) > 0) {
   $row = mysql_fetch_assoc($result);
   $_SESSION['user_usuario'] = $usuario;
   $_SESSION['logged'] = 1;
   $_SESSION['user_admin_level'] = $row['user_admin_level'];
   header ('Refresh: 5; URL=' . $redirect);
   echo '<p>Seras re-dirigido a la pagina anterior.</p>';
   echo '<p>Si tu navegador no lo hace automaticamente, ' .
   '<a href="' . $redirect . '">clic aqui</a>.</p>';
   mysql_free_result($result);
   mysql_close($db);
   die();
   } 
   else {

   // Riasicurare queste, solo per sicurezza
   $_SESSION['user_usuario'] = '';
   $_SESSION['logged'] = 0;
   $_SESSION['user_admin_level'] = 0;
   $error = '<p><strong>Has ingresado un Usuario o Paswword no valido!</strong>'.
   ' Clic aqui para <a href="register.php"> Registrarte</a> si aun no lo has hecho.</p>';
   }
   mysqli_free_result($result);
   }
   }
   ?>
   <h1>Login</h1>
   <?php
   if (isset($error)) {
   echo $error;
   }
   ?>
   <form action="login.php" method="post">
   <div class="maintform">
   <p class="formulario"><label for="name">Usuario: </label> <input maxlength="20" type="text" name="user_usuario" id="user_usuario" value="<?php echo $usuario; ?>"  /></p>
   <p class="formulario"><label for="name">Contrase&ntilde;a:</label> <input maxlength="20" type="password" name="user_password" id="user_password" value="<?php echo $password; ?>" /></p>
   <p class="formulario">
   <input type="hidden" name="redirect" value="<?php echo $redirect ?>"/>
   <input class="ok" type="submit" name="submit" value="Login"/>
   <input class="no_ok" type="reset" name="testform" value="Restablecer" />
   </p>
   <input type="hidden" name="user_token" id="user_token" value="<?php echo $token; ?>"/>
   </div>
   </form>

   <?php
   mysqli_close($db);
   ?>

   <?php include_once('footer.php'); ?>

It seems that the error is on lines 15, 16, 17, 18 and 19:

if (isset($_POST['submit'])) {
$query = 'SELECT user_admin_level FROM usuarios WHERE ' . mysqli_real_escape_string($db,$usuario) . 
'" AND ' . 'user_password = PASSWORD("' .  mysqli_real_escape_string($db,$password) . '")';

 $result = mysqli_query($db,$query) or die (mysqli_error($db,$query));

The code is adapted to my needs these files . But I've been having problems with: mysqli_real_escape_string and mysqli_error .

php mysqli

asked by jolunavi 13.11.2016 в 04:12

source

1 answer

Sort columns in jqgrid How can I block horizontal orientation in xamarion IOS?

score 1 · Answer 1

The error you receive is here: mysqli_error($db,$query) , if you go to the PHP documentation for that function you'll see that you only need one parameter that is linked to the database, but you are passing it two parameters.

That line should be something like this:

$result = mysqli_query($db,$query) or die (mysqli_error($db));

Still, you have the doubt of why it is failing. You can see that in how the query is generated in $ query, which is incorrect:

$query = 'SELECT user_admin_level FROM usuarios WHERE ' . mysqli_real_escape_string($db,$usuario) . 
'" AND ' . 'user_password = PASSWORD("' .  mysqli_real_escape_string($db,$password) . '")';

At least one error is that you are closing double quotes that were never opened (just after where the user is added, at the beginning of the second line).

As recommendation / comment: this type of errors are "common" in dynamic sentences, if you use prepared sentences they would be easier to detect and see (and also your sentences would be more secure).