-3

I am having few problems with the PHP upgrade. Before, I was using PHP 5.2.0 and below; now I have upgraded to PHP 5.5.0. A few of my snippets are not running as I expected.

Here is one, for example. it says,

Deprecated: mysql_real_escape_string()

I tried mysqli_real_escape_string() and got another error:

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in

Here is my code:

 <?php 

 require_once("includes/session.php");
  require_once("connections/connection.php"); 
   require_once("includes/functions.php"); 
?> 
<?php
 $username = $_POST['username'];
 $password = $_POST['password'];
 //$hashed_password= md5($password);

?>
<!--Receive username password and authenticate whether the same or not with database one. -->
<?php
 $username = stripslashes($username);
 $password = stripslashes($password);
 $username = mysqli_real_escape_string($username);
 $password = mysqli_real_escape_string($password);

?>

<?php

 $query = "SELECT * 
     FROM login 
     WHERE username = '{$username}' 
     AND password = '{$password}' 
     AND status=1";

 $result = mysql_query($query);
 $count = mysql_num_rows($result);
 if($count == 1){
  //for the session
   $result_fetch= mysql_fetch_array($result);
   $_SESSION['user_id']= $result_fetch['id'];
   $_SESSION['user_name']= $result_fetch['username'];

   session_register("username");
      session_register("password");
   header("Location: dashboard.php");
   exit;
 }
 else{
   echo "The username or password is incorrect."; 
 }
?>


<?php
 //5.Close connection
 if(isset($connection)){
  mysql_close($connection);
 }

?>
Improve this question
7
  • Please cut that listing down to problematic lines or at least highlight with which you have problem with. Commented Oct 10, 2014 at 12:36
  • 1
    Your first problem was to use mysql_* functions. Commented Oct 10, 2014 at 12:37
  • where are you using mysqli_real_escape_string() ?? Commented Oct 10, 2014 at 12:38
  • When trying to refactor your code to support mysqli instead of mysql, you should go line by line on your mysql_ commands and see the new/altered syntax in the mysqli_ version on the php manual. Commented Oct 10, 2014 at 12:40
  • 4
    PHP's mysql_ API is deprecated. Use PDO or mysqli_ instead, and in conjunction with prepared statements. Commented Oct 10, 2014 at 12:42

1 Answer 1

Reset to default
3

mysqli_real_escape_string needs two arguments to work:

Syntax:

mysqli_real_escape_string($connection,$escapestring);

You need to give it the connection variable. This looks like

$connection=mysqli_connect("host","my_user","my_password","my_db");

You should refresh your PHP knowledge.

An alternative method would be to use a database object so you don’t have to pass in the connection details each time.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.