I try make php login but I get this error: Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given, what I do wrong?
register.php
<!doctype html>
<html lang"fi">
<head>
<link rel="icon" type='image/png' href='images/logo.png'>
<title>
asd
</title>
<link href="css/styles.css" type="text/css" rel="stylesheet">
</head>
<body>
<!--reg alkaa-->
<form action="register.php" method="post">
<p><input type="text" name="username" placeholder="Username">
<p><input type="email" name="email" placeholder="Email">
<p><input type="password" name="pass" placeholder="Password">
<p><input type="password" name="pass1" placeholder="Password">
<p><input type="submit" name="submit" value="Register">
</form>
<?php
if(isset($_POST['submit']))
{
$username = mysqli_real_escape_string($_POST['username']);
$pass = mysqli_real_escape_string($_POST['pass']);
$pass1 = mysqli_real_escape_string($_POST['pass1']);
$email = mysqli_real_escape_string($_POST['email']);
if($username && $pass && $pass1 && $email)
{
if($pass==$pass1)
{
$connect = mysql_connect("mysql.example.com","username","password");
mysql_select_db("my_database");
$query = mysql_query("INSERT INTO users VALUES('$username','$pass','$email');");
echo "You have been registered.";
}
else
{
echo "Password must match.";
}
}
else
{
echo "All fields are required.";
}
}
?>
<!--reg end-->
<Center>
<a href="index.php">
<h1>
asd
</h1>
</center>
<div id="main">
<h3>
<div class="menu"> <a href="index.php">Etusivu</a> •
<a </div>
</h3>
</div>
<div class="jonne">
</div>
<script src="javascript/jquery.js"></script>
</body>
</html>
I use 000webhost and this first time when I use mysql databases online.
Use this way instead of your way.
addslashes(trim($_POST['username']));
If you use the procedural style, you have to provide both a connection and a string:
$name = mysqli_real_escape_string($conn, $name);
Only the object oriented version can be done with just a string:
$name = $link->real_escape_string($name);
The documentation should hopefully make this clear.
pass $connect as your first parameter in mysqli_real_escape_string for this first make connection then do rest.read here http://php.net/manual/en/mysqli.real-escape-string.php
The following works perfectly:-
if(isset($_POST['signup'])){
$username=mysqli_real_escape_string($connect,$_POST['username']);
$email=mysqli_real_escape_string($connect,$_POST['email']);
$pass1=mysqli_real_escape_string($connect,$_POST['pass1']);
$pass2=mysqli_real_escape_string($connect,$_POST['pass2']);
Now, the $connect is my variable containing my connection to the database. You only left out the connection variable. Include it and it shall work perfectly.
you are mixing mysql and mysqli
use this mysql_real_escape_string like
$username = mysql_real_escape_string($_POST['username']);
NOTE : mysql_* is deprecated use mysqli_* or PDO
Replace your query with the following:
$query = mysql_query("INSERT INTO users VALUES('$username','$pass','$email')", `$Connect`);
There is slight change in mysql_real_escape_string mysqli_real_escape_string. below syntax
mysql_real_escape_string syntax will be mysql_real_escape_string($_POST['sample_var'])
mysqli_real_escape_string syntax will be mysqli_real_escape_string($conn,$_POST['sample_var'])
use mysql_real_escape_string() instead of mysqli_real_escape_string()
like so:
$username = mysql_real_escape_string($_POST['username']);
From the documentation , the function mysqli_real_escape_string() has two parameters.
string mysqli_real_escape_string ( mysqli $link , string $escapestr ).
The first one is a link for a mysqli instance (database connection object), the second one is the string to escape. So your code should be like :
$username = mysqli_real_escape_string($yourconnectionobject,$_POST['username']);
mysqli_real_escape_string function requires the connection to your database.
$username = mysqli_real_escape_string($your_connection, $_POST['username']);
P.S.: Do not mix mysql_ functions* and mysqli_ functions*. Please use mysqli_* functions or PDO because mysql_* functions are deprecated and will be removed in the future.
Source: Stackoverflow.com