mysqli_escape_string () expects exactly 2 parameters, 1 given

5

I'm experiencing an error in my code, when I run the DW c6 server behavior, when I move from mysql_ to mysqli_ , I get an error in the function executed on line 10.

The error is:

  

Warning: mysqli_escape_string () expects exactly 2 parameters, 1 given in C: \ wamp \ www \ VirtualDrive \ footer.php on line 10

This is the line of the code:

$theValue = function_exists("mysqli_real_escape_string") ? mysqli_real_escape_string($theValue) : mysqli_escape_string($theValue);

Esse é o código:

<?php require_once('Connections/config.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysqli_real_escape_string") ? mysqli_real_escape_string($theValue) : mysqli_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['login'])) {
  $loginUsername=$_POST['login'];
  $password=$_POST['senha'];
  $MM_fldUserAuthorization = "nivel";
  $MM_redirectLoginSuccess = "admin/painel.php";
  $MM_redirectLoginFailed = "admin/index.php";
  $MM_redirecttoReferrer = false;
  mysqli_select_db($config,$database_config);

  $LoginRS__query = sprintf("SELECT usuario, senha, nivel FROM lp_users WHERE usuario=%s AND senha=%s",
  GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 

  $LoginRS = mysqli_query($config, $LoginRS__query) or die(mysqli_error());
  $loginFoundUser = mysqli_num_rows($LoginRS);
  if ($loginFoundUser) {

    $loginStrGroup  = mysql_result($LoginRS,0,'nivel');

    if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;       

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];  
    } 
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>

Could anyone help me to understand this error?

    
asked by anonymous 21.09.2015 / 17:06

3 answers

4

When the mysqli functions are used the first argument is always the connection, that's what the error says. The documentation shows you what the call should be like:

  

string mysqli_real_escape_string (mysqli $ link, string $ escapestr)

Change the occurrences of:

 $theValue = function_exists("mysqli_real_escape_string") ? 
  mysqli_real_escape_string($theValue) : mysqli_escape_string($theValue);

By:

 $theValue = function_exists("mysqli_real_escape_string") ? 
  mysqli_real_escape_string($config, $theValue) : mysqli_escape_string($config, $theValue);

Prefer to use prepares statements when using this generic code, remember to change mysql_result() in your code.

    
21.09.2015 / 17:11
3

This happens because mysqli_real_escape_string needs 2 parameters to execute:

mysqli_real_escape_string ( $link ,  $escapestr );

unlike mysql_real_escape_string that only needed 1 parameter:

mysql_real_escape_string ( $escapestr );
    
21.09.2015 / 17:11
2

The error occurs because the function mysqli_real_escape_string expects to receive 2 parameters in procedural mode.

string mysqli_real_escape_string ( mysqli $link , string $escapestr )

And only 1 parameter in oriented mode.

string mysqli::real_escape_string ( string $escapestr )

Php Documentation

    
21.09.2015 / 17:11