kurt.santo Posted May 1, 2008 Share Posted May 1, 2008 I have input and select fields where I store the $_POST value for example as: $country = escape_data($_POST['country']); The function is: function escape_data ($data) { // address magic quotes. if (ini_get('magic_quotes_gpc')) { $data = stripslashes($data); } // check for mysql_real_escape_string() support if (function_exists('mysql_real_escape_string')) { global $dbc; // need the connection $data = mysql_real_escape_string (trim($data), $dbc); } else { $data = mysql_escape_string (trim($data)); } // return escaped value return $data; Each time I want to submit my data I receive for each field the error:mysql_real_escape_string() expects parameter 2 to be resource, object given Why is that?KurtPS Reason for edit. Thought first it just does it for one field, but actually does it for any submitted field on that form Link to comment Share on other sites More sharing options...
Synook Posted May 1, 2008 Share Posted May 1, 2008 You need to connect to a database first and have the MySQL connection resource stored to $dbc. You can just express it as $data = mysql_real_escape_string (trim($data)); The resource is implied unless explicitly passed. Link to comment Share on other sites More sharing options...
kurt.santo Posted May 1, 2008 Author Share Posted May 1, 2008 You need to connect to a database first and have the MySQL connection resource stored to $dbc. You can just express it asif ($dbc = mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD)) { // establish connnection. if (!mysqli_select_db ($dbc,DB_NAME)) { // if cannot select database // handle error trigger_error("Could not select the database!\n<br />MySQL Error: " . mysql_error()); // print message, include footer and exit. exit(); } // End of mysql_select_db IF.} else { // if couldn't connect to MySQL // print message, include footer and exit trigger_error("Could not connect to MySQL!\n<br />MySQL Error: " . mysql_error()); exit();} // function to escape the data.function escape_data ($data) { // address magic quotes. if (ini_get('magic_quotes_gpc')) { $data = stripslashes($data); } // check for mysql_real_escape_string() support if (function_exists('mysql_real_escape_string')) { global $dbc; // need the connection $data = mysql_real_escape_string (trim($data), $dbc); } else { $data = mysql_escape_string (trim($data)); } // return escaped value return $data;} ?> I open the file, it shows ok (including bits from database) and as soon as I try to submit any data the error message appears...KUrt Link to comment Share on other sites More sharing options...
Synook Posted May 1, 2008 Share Posted May 1, 2008 Try just removing the second parameter of your mysql_real_escape_string() call. Link to comment Share on other sites More sharing options...
kurt.santo Posted May 1, 2008 Author Share Posted May 1, 2008 Try just removing the second parameter of your mysql_real_escape_string() call.You mean removing $dbc from "$data = mysql_real_escape_string (trim($data), $dbc);"?Kurt Link to comment Share on other sites More sharing options...
Synook Posted May 1, 2008 Share Posted May 1, 2008 mhmm Link to comment Share on other sites More sharing options...
kurt.santo Posted May 1, 2008 Author Share Posted May 1, 2008 mhmmTried that, but then it refuses access to database...Kurt Link to comment Share on other sites More sharing options...
Synook Posted May 1, 2008 Share Posted May 1, 2008 what error do you get? Link to comment Share on other sites More sharing options...
kurt.santo Posted May 1, 2008 Author Share Posted May 1, 2008 what error do you get?mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'user'@'localhost' (using password: NO) with the modified function to read:function escape_data ($data) { // address magic quotes. if (ini_get('magic_quotes_gpc')) { $data = stripslashes($data); } // check for mysql_real_escape_string() support if (function_exists('mysql_real_escape_string')) { global $dbc; // need the connection $data = mysql_real_escape_string (trim($data)); } else { $data = mysql_escape_string (trim($data)); } // return escaped value return $data;} Kurt Link to comment Share on other sites More sharing options...
Synook Posted May 1, 2008 Share Posted May 1, 2008 Make sure you are calling the function after you connect to the database. That seemed so from your connect script, but that error would indicate that either you are not connecting first or there is an error with your connection... hmm... what does your complete code look like? Link to comment Share on other sites More sharing options...
kurt.santo Posted May 1, 2008 Author Share Posted May 1, 2008 Make sure you are calling the function after you connect to the database. That seemed so from your connect script, but that error would indicate that either you are not connecting first or there is an error with your connection... hmm... what does your complete code look like?require_once for the file with db connection is first I am calling. Complete content of file to be included is (only db connect constants at top are missing):DEFINE ('DB_NAME', 'web55-makeup');if ($dbc = mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD)) { // establish connnection. if (!mysqli_select_db ($dbc,DB_NAME)) { // if cannot select database // handle error trigger_error("Could not select the database!\n<br />MySQL Error: " . mysql_error()); // print message, include footer and exit. exit(); } // End of mysql_select_db IF.} else { // if couldn't connect to MySQL // print message, include footer and exit trigger_error("Could not connect to MySQL!\n<br />MySQL Error: " . mysql_error()); exit();} // function to escape the data.function escape_data ($data) { // address magic quotes. if (ini_get('magic_quotes_gpc')) { $data = stripslashes($data); } // check for mysql_real_escape_string() support if (function_exists('mysql_real_escape_string')) { global $dbc; // need the connection $data = mysql_real_escape_string (trim($data)); } else { $data = mysql_escape_string (trim($data)); } // return escaped value return $data;} With line $data = mysql_real_escape_string (trim($data), $dbc); I get error "mysql_real_escape_string() expects parameter 2 to be resource, object given", but content from database (in different place I display content from same db) is showing fine. I used before the mysql extension, which was working fine and since I use mysqli the problem showed up. Maybe this gives you an idea why that is? I do not have a clue...Kurt Link to comment Share on other sites More sharing options...
justsomeguy Posted May 1, 2008 Share Posted May 1, 2008 The first issue was because you were connecting using mysqli_connect and then using mysql_real_escape_string, you're mixing mysql and mysqli again. You can use mysqli_real_escape_string with your $dbc connection object. Note the parameters are in the opposite order.http://www.php.net/manual/en/mysqli.real-escape-string.php Link to comment Share on other sites More sharing options...
kurt.santo Posted May 1, 2008 Author Share Posted May 1, 2008 The first issue was because you were connecting using mysqli_connect and then using mysql_real_escape_string, you're mixing mysql and mysqli again. You can use mysqli_real_escape_string with your $dbc connection object. Note the parameters are in the opposite order.http://www.php.net/manual/en/mysqli.real-escape-string.php Oh, not again. It always happens... Still, change all to:// function to escape the data.function escape_data ($data) { // address magic quotes. if (ini_get('magic_quotes_gpc')) { $data = stripslashes($data); } // check for mysql_real_escape_string() support if (function_exists('mysqli_real_escape_string')) { global $dbc; // need the connection $data = mysqli_real_escape_string ($dbc, trim($data)); } else { $data = mysqli_escape_string (trim($data)); } // return escaped value return $data;} Now I get lots of error messages. When I first used the file without the mysqli as: if ($dbc = mysql_connect (DB_HOST, DB_USER, DB_PASSWORD)) { // make connnection if (!mysql_select_db (DB_NAME)) { // if it can't select the database // handle the error trigger_error("Could not select the database!\n<br />MySQL Error: " . mysql_error()); // print a message to the user and kill the script. exit(); } // end of mysql_select_db IF} else { // if it couldn't connect to MySQL // print a message to the user and kill the script trigger_error("Could not connect to MySQL!\n<br />MySQL Error: " . mysql_error()); exit();} // end of $dbc IF// function for escaping datafunction escape_data ($data) { // Magic Quotes. if (ini_get('magic_quotes_gpc')) { $data = stripslashes($data); } // check for mysql_real_escape_string() support if (function_exists('mysql_real_escape_string')) { global $dbc; // need connection $data = mysql_real_escape_string (trim($data), $dbc); } else { $data = mysql_escape_string (trim($data)); } // return the escaped value return $data;} // end of function all was fine. It is just that I had two different connect files (one with mysqli and one without), which I considered to be not a good idea. So, I changed into one connect file with the given problems...For example, line:$result = mysqli_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());(line before $query = "SELECT user_id FROM users WHERE email='$email'" now throws: mysqli_query() expects at least 2 parameters, 1 given What is going wrong here? I do not understand...Kurt Link to comment Share on other sites More sharing options...
justsomeguy Posted May 1, 2008 Share Posted May 1, 2008 First, about this:$data = mysqli_real_escape_string ($dbc, trim($data)); } else { $data = mysqli_escape_string (trim($data));Both mysqli_real_escape_string and mysqli_escape_string are the same function, one is just an alias for the other. Both of them take the same parameters and if one is defined they will both be defined.About the other error, look at the doc page, nearly all of the mysqli functions require you to send the connection object as well if you're using the procedural version instead of the object-oriented version.http://www.php.net/manual/en/mysqli.query.php Link to comment Share on other sites More sharing options...
kurt.santo Posted May 1, 2008 Author Share Posted May 1, 2008 Had to edit, because looks like this is working now. Forgot also to amend:if (mysqli_affected_rows() == 1)toif (mysqli_affected_rows($dbc) == 1)Thank a 1000-lot for your help,Kurt Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.