php 警告:mysqli_real_escape_string() 需要 2 个参数,1 个给定...我做错了什么?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/25636975/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given... what i do wrong?
提问by SuperTroll
I try make php login but i get this error: Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given,what I do wrong?
我尝试进行 php 登录,但出现此错误:Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given,我做错了什么?
register.php
注册.php
<!doctype html>
<html lang"fi">
<head>
<link rel="icon" type='image/png' href='images/logo.png'>
<title>
asd
</title>
<link href="css/styles.css" type="text/css" rel="stylesheet">
</head>
<body>
<!--reg alkaa-->
<form action="register.php" method="post">
<p><input type="text" name="username" placeholder="Username">
<p><input type="email" name="email" placeholder="Email">
<p><input type="password" name="pass" placeholder="Password">
<p><input type="password" name="pass1" placeholder="Password">
<p><input type="submit" name="submit" value="Register">
</form>
<?php
if(isset($_POST['submit']))
{
$username = mysqli_real_escape_string($_POST['username']);
$pass = mysqli_real_escape_string($_POST['pass']);
$pass1 = mysqli_real_escape_string($_POST['pass1']);
$email = mysqli_real_escape_string($_POST['email']);
if($username && $pass && $pass1 && $email)
{
if($pass==$pass1)
{
$connect = mysql_connect("mysql.example.com","username","password");
mysql_select_db("my_database");
$query = mysql_query("INSERT INTO users VALUES('$username','$pass','$email');");
echo "You have been registered.";
}
else
{
echo "Password must match.";
}
}
else
{
echo "All fields are required.";
}
}
?>
<!--reg end-->
<Center>
<a href="index.php">
<h1>
asd
</h1>
</center>
<div id="main">
<h3>
<div class="menu"> <a href="index.php">Etusivu</a> •
<a </div>
</h3>
</div>
<div class="jonne">
</div>
<script src="javascript/jquery.js"></script>
</body>
</html>
i use 000webhost and this first time when i use mysql databases online.
我使用 000webhost,这是我第一次在线使用 mysql 数据库。
回答by Rakesh Shetty
You are mixing mysqliand mysqlfunction.
你在混合mysqli和mysql运作。
If your are using mysql function then instead mysqli_real_escape_string($your_variable);use
如果您使用的是 mysql 函数,请mysqli_real_escape_string($your_variable);改用
$username = mysql_real_escape_string($_POST['username']);
$pass = mysql_real_escape_string($_POST['pass']);
$pass1 = mysql_real_escape_string($_POST['pass1']);
$email = mysql_real_escape_string($_POST['email']);
If your using mysqli_* function then you have to include your connection to database into mysqli_real_escape function:
如果您使用 mysqli_* 函数,那么您必须将与数据库的连接包含在mysqli_real_escape 函数中:
$username = mysqli_real_escape_string($your_connection, $_POST['username']);
$pass = mysqli_real_escape_string($your_connection, $_POST['pass']);
$pass1 = mysqli_real_escape_string($your_connection, $_POST['pass1']);
$email = mysqli_real_escape_string($your_connection, $_POST['email']);
Note : Use mysqli_* function since mysql has been deprecated. For information please read mysqli_*
注意:使用 mysqli_* 函数,因为 mysql 已被弃用。有关信息,请阅读mysqli_*
回答by Jenz
From the documentation, the function mysqli_real_escape_string()has two parameters.
从文档来看,该函数mysqli_real_escape_string()有两个参数。
string mysqli_real_escape_string ( mysqli $link , string $escapestr ).
The first one is a linkfor a mysqli instance (database connection object), the second one is the stringto escape. So your code should be like :
第一个是一个链接为一个mysqli的实例(数据库连接对象),第二个是字符串逃脱。所以你的代码应该是这样的:
$username = mysqli_real_escape_string($yourconnectionobject,$_POST['username']);
回答by John Robertson
mysqli_real_escape_string functionrequires the connection to your database.
mysqli_real_escape_string 函数需要连接到您的数据库。
$username = mysqli_real_escape_string($your_connection, $_POST['username']);
P.S.:Do not mix mysql_functions*and mysqli_functions*. Please use mysqli_* functions or PDObecause mysql_* functions are deprecated and will be removed in the future.
PS:不要混用mysql_functions*和mysqli_functions*。请使用,mysqli_* functions or PDO因为 mysql_* 函数已被弃用,将来会被删除。
回答by Satish Sharma
you are mixing mysqland mysqli
你正在混合mysql和mysqli
use this mysql_real_escape_stringlike
mysql_real_escape_string像这样使用
$username = mysql_real_escape_string($_POST['username']);
NOTE :mysql_*is deprecated use mysqli_*or PDO
注意:mysql_*不推荐使用mysqli_*或PDO
回答by paxdiablo
If you use the procedural style, you have to provide both a connection and a string:
如果使用程序样式,则必须同时提供连接和字符串:
$name = mysqli_real_escape_string($conn, $name);
Only the object oriented version can be done with just a string:
只有面向对象的版本可以只用一个字符串来完成:
$name = $link->real_escape_string($name);
The documentationshould hopefully make this clear.
该文件应该有希望明确这一点。
回答by max3000
Use this way instead of your way.
用这种方式代替你的方式。
addslashes(trim($_POST['username']));
回答by Suchit kumar
pass $connectas your first parameter in mysqli_real_escape_stringfor this first make connection then do rest.read here http://php.net/manual/en/mysqli.real-escape-string.php
$connect作为你的第一个参数传递mysqli_real_escape_string给这个第一次建立连接然后在这里做 rest.read http://php.net/manual/en/mysqli.real-escape-string.php
回答by raghavendra
There is slight change in mysql_real_escape_string mysqli_real_escape_string. below syntax
mysql_real_escape_string mysqli_real_escape_string 略有变化。下面的语法
mysql_real_escape_string syntax will be mysql_real_escape_string($_POST['sample_var'])
mysql_real_escape_string 语法将是mysql_real_escape_string($_POST['sample_var'])
mysqli_real_escape_string syntax will be mysqli_real_escape_string($conn,$_POST['sample_var'])
mysqli_real_escape_string 语法将是mysqli_real_escape_string($conn,$_POST['sample_var'])
回答by Ginaro Maina
The following works perfectly:-
以下工作完美: -
if(isset($_POST['signup'])){
$username=mysqli_real_escape_string($connect,$_POST['username']);
$email=mysqli_real_escape_string($connect,$_POST['email']);
$pass1=mysqli_real_escape_string($connect,$_POST['pass1']);
$pass2=mysqli_real_escape_string($connect,$_POST['pass2']);
Now, the $connectis my variable containing my connection to the database. You only left out the connection variable. Include it and it shall work perfectly.
现在,$connect是我的变量,包含我与数据库的连接。您只遗漏了连接变量。包括它,它将完美地工作。
回答by Ethic Or Logics
Replace your query with the following:
将您的查询替换为以下内容:
$query = mysql_query("INSERT INTO users VALUES('$username','$pass','$email')", `$Connect`);
