Menu
I try make php login but I get this error: Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given, what I do wrong?
register.php
<!doctype html>
<html lang"fi">
<head>
<link rel="icon" type='image/png' href='images/logo.png'>
<title>
asd
</title>
<link href="css/styles.css" type="text/css" rel="stylesheet">
</head>
<body>
<!--reg alkaa-->
<form action="register.php" method="post">
<p><input type="text" name="username" placeholder="Username">
<p><input type="email" name="email" placeholder="Email">
<p><input type="password" name="pass" placeholder="Password">
<p><input type="password" name="pass1" placeholder="Password">
<p><input type="submit" name="submit" value="Register">
</form>
<?php
if(isset($_POST['submit']))
{
$username = mysqli_real_escape_string($_POST['username']);
$pass = mysqli_real_escape_string($_POST['pass']);
$pass1 = mysqli_real_escape_string($_POST['pass1']);
$email = mysqli_real_escape_string($_POST['email']);
if($username && $pass && $pass1 && $email)
{
if($pass==$pass1)
{
$connect = mysql_connect("mysql.example.com","username","password");
mysql_select_db("my_database");
$query = mysql_query("INSERT INTO users VALUES('$username','$pass','$email');");
echo "You have been registered.";
}
else
{
echo "Password must match.";
}
}
else
{
echo "All fields are required.";
}
}
?>
<!--reg end-->
<Center>
<a href="index.php">
<h1>
asd
</h1>
</center>
<div id="main">
<h3>
<div class="menu"> <a href="index.php">Etusivu</a> •
<a </div>
</h3>
</div>
<div class="jonne">
</div>
<script src="javascript/jquery.js"></script>
</body>
</html>
I use 000webhost and this first time when I use mysql databases online.
772
The mysqli_real_escape_string() function is used to escape characters in a string, making it legal to use in an SQL statement.
You should use real_escape_string on any parameter you're mixing as a string literal into the sql statement. And only on those string literal values.
Do I still need to used mysqli_real_escape_string when used prepared statements in PHP? The simple answer is no. The way it used to work is that you would take form input data, put that into a variable, and inject that data into your MySQL query in order to add that data to the database.
This extension was deprecated in PHP 5.5. 0, and it was removed in PHP 7.0.
You are mixing mysqli and mysql function.
If your are using mysql function then instead mysqli_real_escape_string($your_variable); use
$username = mysql_real_escape_string($_POST['username']);
$pass = mysql_real_escape_string($_POST['pass']);
$pass1 = mysql_real_escape_string($_POST['pass1']);
$email = mysql_real_escape_string($_POST['email']);
If your using mysqli_* function then you have to include your connection to database into mysqli_real_escape function :
$username = mysqli_real_escape_string($your_connection, $_POST['username']);
$pass = mysqli_real_escape_string($your_connection, $_POST['pass']);
$pass1 = mysqli_real_escape_string($your_connection, $_POST['pass1']);
$email = mysqli_real_escape_string($your_connection, $_POST['email']);
Note : Use mysqli_* function since mysql has been deprecated. For information please read mysqli_*
65
From the documentation , the function mysqli_real_escape_string() has two parameters.
string mysqli_real_escape_string ( mysqli $link , string $escapestr ).
The first one is a link for a mysqli instance (database connection object), the second one is the string to escape. So your code should be like :
$username = mysqli_real_escape_string($yourconnectionobject,$_POST['username']);
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
