What is this error? Warning: mysqli_query (), (fetch_array, num_rows) :: expects parameter 1 to be mysqli, null given in,

Question

What is this error? Warning: mysqli_query (), (fetch_array, num_rows) :: expects parameter 1 to be mysqli, null given in,

Navigation

#1 by (1 votes)

0

 function loguearDocente($user, $pass)
 {
 global $conexion;
 //$user = mysqli_real_escape_string($conexion, $_POST['user']);
 //$pass = mysqli_real_escape_string($conexion, $_POST['pass']);

 $sql = "SELECT * FROM users_profesores WHERE (User='".$user."' OR EMail='$user') AND Passwd='".$pass."'";
 $resultado=mysqli_query($conexion, $sql); //error
 $fila=mysqli_fetch_array($resultado,MYSQLI_ASSOC); //error
 $conta = mysqli_num_rows($resultado); // error

if ( $pass == $fila["Passwd"] ) {
 //if ( $pass == $fila ["Passwd"] )
$sql2 = "SELECT User FROM users_profesores WHERE (User='".$user."' OR EMail='$user') AND Passwd='".$pass."'";
$result = mysqli_query($conexion, $sql2);
$num_row = mysqli_num_rows($result);

if ($num_row == "1") {
$data = mysqli_fetch_array($result); // Obtiene una fila de resultados como un array asociativo, numérico, o ambos
session_start();
$_SESSION["user"] = $data["User"];
echo "1";
} else {  //fin if num_row
echo "no se encuentra registro";
   }
 } else {  //fin if pass = passDB
echo "passwds no coinciden";
  } 

}

php mysqli

asked by Armando Arellano 22.10.2016 в 21:48

source

1 answer

Simulate cd commands .. or change directory with c ++ and QT How do I get a data with condition in json? [closed]

score 1 · Accepted Answer

You are using the variable $ connection without having initialized it, so value is NULL.

To initialize it, you must call the mysqli_connect function. This function returns a connection object with MySQL, which is what the other MySQL access functions that are giving you the error need as the first parameter.

That is, you should do something like this:

function loguearDocente($user, $pass)
{
  global $conexion;
  $conexion = mysqli_connect(
    $direccionDelServidorMySQL,
    $nombreDeUsuarioDeMySQL,
    $contraseñaDelUsuarioDeMySQL,
    $nombreDeLaBaseDeDatos);

  if (!$conexion) {
    // $conexion sigue valiendo NULL, esto es porque ha habido
    // algún problema al conectar con MySQL.
    echo "Error: No se pudo conectar a MySQL." . PHP_EOL;
    echo "errno de depuración: " . mysqli_connect_errno() . PHP_EOL;
    echo "error de depuración: " . mysqli_connect_error() . PHP_EOL;
    exit;
  }

  ...
}

On the other hand, it seems that in the BD the keys are stored in plain text (I say it by the comparison if ( $pass == $fila["Passwd"] ) { ). That is very inadvisable since a possible intrusion in the system would obtain all user keys cleanly with a simple query. It is normal to keep them encrypted and if possible using a little salt. Here you can read an article explaining all this: A storage of passwords