Php 警告:mysqli\u real\u escape\u string()要求参数1为mysqli,字符串为
我的站点有一个安全区域,可以在其中添加/更新/删除数据库条目。我正在尝试将脚本从mysql更新到mysqli。除了更新部分外,其他一切都正常。当我填写新信息并单击“更新”时,会出现以下错误: 警告:mysqli\u real\u escape\u字符串预期参数1为mysqli, 字符串以 /第19行的home3/tarb89/public_html/aususrpg.net/charbase/updated.php 我不确定这里出了什么问题;我是一个完全的新手,所以我道歉 以下是我的update.php代码:Php 警告:mysqli\u real\u escape\u string()要求参数1为mysqli,字符串为,php,html,mysqli,Php,Html,Mysqli,我的站点有一个安全区域,可以在其中添加/更新/删除数据库条目。我正在尝试将脚本从mysql更新到mysqli。除了更新部分外,其他一切都正常。当我填写新信息并单击“更新”时,会出现以下错误: 警告:mysqli\u real\u escape\u字符串预期参数1为mysqli, 字符串以 /第19行的home3/tarb89/public_html/aususrpg.net/charbase/updated.php 我不确定这里出了什么问题;我是一个完全的新手,所以我道歉 以下是我的update
<?php
// Create connection
$con=mysqli_connect("xxx","xxx","xxx","xxx");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$id = $_GET['id'];
$result = mysqli_query($con,"SELECT * FROM characters WHERE id = '$id'");
$my_array = array($c_z);
extract($my_array);
?>
<form id="FormName" action="../charbase/updated.php" method="post" name="FormName">
<table width="448" border="0" cellspacing="2" cellpadding="0">
<tr>
<td width="150" align="right"><label for="name">Name: </label></td>
<td><input name="name" maxlength="255" type="text" value="<?php echo stripslashes($name) ?>"></td>
</tr>
<tr>
<td colspan="2" align="center">
<input name="" type="submit" value="Update">
<input name="id" type="hidden" value="<?php echo $id ?>">
</td>
</tr>
</table>
</form>
<?php
// Create connection
$con=mysqli_connect("xxx","xxx","xxx","xxx");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$id = $_POST['id'];
$name = mysqli_real_escape_string(trim($_POST["name"]), $con);
$rsUpdate = mysqli_query($con,"UPDATE characters SET name='$name'
WHERE id='$id'");
if($rsUpdate) { echo "Successfully updated"; } else { die('Invalid query: '.mysql_error()); }
?>
<a href="index.php">Back to index</a>
<?php
// Create connection
$con=mysqli_connect("xxx","xxx","xxx","xxx");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$id = $_GET['id'];
$result = mysqli_query($con,"SELECT * FROM characters WHERE id = '$id'");
$my_array = array($c_z);
extract($my_array);
?>
<form id="FormName" action="../charbase/updated.php" method="post" name="FormName">
<table width="448" border="0" cellspacing="2" cellpadding="0">
<tr>
<td width="150" align="right"><label for="name">Name: </label></td>
<td><input name="name" maxlength="255" type="text" value="<?php echo stripslashes($name) ?>"></td>
</tr>
<tr>
<td colspan="2" align="center">
<input name="" type="submit" value="Update">
<input name="id" type="hidden" value="<?php echo $id ?>">
</td>
</tr>
</table>
</form>
<?php
// Create connection
$con=mysqli_connect("xxx","xxx","xxx","xxx");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$id = $_POST['id'];
$name = mysqli_real_escape_string(trim($_POST["name"]), $con);
$rsUpdate = mysqli_query($con,"UPDATE characters SET name='$name'
WHERE id='$id'");
if($rsUpdate) { echo "Successfully updated"; } else { die('Invalid query: '.mysql_error()); }
?>
<a href="index.php">Back to index</a>
这更有意义吗?您正以相反的方式使用它:
string mysqli_real_escape_string ( mysqli $link , string $escapestr )
$name = mysqli_real_escape_string($con, trim($_POST["name"]));
<?php
// Your database info
$db_host = 'host';
$db_user = 'user';
$db_pass = 'pass';
$db_name = 'database';
// POST data
$id = $_POST['id'];
$name = trim($_POST["name"]);
$con = mysqli_connect($db_host, $db_user, $db_pass, $db_name);
if ($con->connect_error)
{
die('Connect Error (' . mysqli_connect_errno() . ') '. mysqli_connect_error());
}
$sql = "UPDATE characters SET name = ? WHERE id = ?";
if (!$result = $con->prepare($sql))
{
die('Query failed: (' . $con->errno . ') ' . $con->error);
}
if (!$result->bind_param('si', $name, $id))
{
die('Binding parameters failed: (' . $result->errno . ') ' . $result->error);
}
if (!$result->execute())
{
die('Execute failed: (' . $result->errno . ') ' . $result->error);
}
$result->close();
$con->close();
echo "Successfully updated";
?>
<a href="index.php">Back to index</a>
<?php
// Your database info
$db_host = 'host';
$db_user = 'user';
$db_pass = 'pass';
$db_name = 'database';
// POST data
$id = $_POST['id'];
$con = mysqli_connect($db_host, $db_user, $db_pass, $db_name);
if ($con->connect_error)
{
die('Connect Error (' . mysqli_connect_errno() . ') '. mysqli_connect_error());
}
$sql = "SELECT name FROM characters WHERE id = ?";
if (!$result = $con->prepare($sql))
{
die('Query failed: (' . $con->errno . ') ' . $con->error);
}
if (!$result->bind_param('i', $id))
{
die('Binding parameters failed: (' . $result->errno . ') ' . $result->error);
}
if (!$result->execute())
{
die('Execute failed: (' . $result->errno . ') ' . $result->error);
}
$result->store_result();
if ($result->num_rows == 0)
{
die('No character found...');
}
$result->bind_result($name);
$result->fetch();
$result->close();
$con->close();
echo $name;
您正以相反的方式使用它:
string mysqli_real_escape_string ( mysqli $link , string $escapestr )
$name = mysqli_real_escape_string($con, trim($_POST["name"]));
<?php
// Your database info
$db_host = 'host';
$db_user = 'user';
$db_pass = 'pass';
$db_name = 'database';
// POST data
$id = $_POST['id'];
$name = trim($_POST["name"]);
$con = mysqli_connect($db_host, $db_user, $db_pass, $db_name);
if ($con->connect_error)
{
die('Connect Error (' . mysqli_connect_errno() . ') '. mysqli_connect_error());
}
$sql = "UPDATE characters SET name = ? WHERE id = ?";
if (!$result = $con->prepare($sql))
{
die('Query failed: (' . $con->errno . ') ' . $con->error);
}
if (!$result->bind_param('si', $name, $id))
{
die('Binding parameters failed: (' . $result->errno . ') ' . $result->error);
}
if (!$result->execute())
{
die('Execute failed: (' . $result->errno . ') ' . $result->error);
}
$result->close();
$con->close();
echo "Successfully updated";
?>
<a href="index.php">Back to index</a>
<?php
// Your database info
$db_host = 'host';
$db_user = 'user';
$db_pass = 'pass';
$db_name = 'database';
// POST data
$id = $_POST['id'];
$con = mysqli_connect($db_host, $db_user, $db_pass, $db_name);
if ($con->connect_error)
{
die('Connect Error (' . mysqli_connect_errno() . ') '. mysqli_connect_error());
}
$sql = "SELECT name FROM characters WHERE id = ?";
if (!$result = $con->prepare($sql))
{
die('Query failed: (' . $con->errno . ') ' . $con->error);
}
if (!$result->bind_param('i', $id))
{
die('Binding parameters failed: (' . $result->errno . ') ' . $result->error);
}
if (!$result->execute())
{
die('Execute failed: (' . $result->errno . ') ' . $result->error);
}
$result->store_result();
if ($result->num_rows == 0)
{
die('No character found...');
}
$result->bind_result($name);
$result->fetch();
$result->close();
$con->close();
echo $name;
连接是第一位的。连接是第一位的。这成功了!非常感谢你!关于如何获取@Lec的任何想法,在加载带有该帐户id的页面之前,您必须进行选择查询。如果我的答案解决了您当前的问题,请检查它是否正确。我将更新的.php代码更改为上述代码;它可以工作,但它也显示了这个错误:严格的标准:只有变量应该在第20行的/home3/tarb89/public_html/aususrpg.net/charbase/updated.php中通过引用传递,我会-我必须再等几分钟,然后它才会允许我。我需要一个单独的select查询吗:$result=mysqli_query$con,从id=“$id”的字符中选择*;我将update.php代码更改为上面列出的代码;没有错误,但返回:未找到字符。。。在列出所有数据库数据的索引页上,有一个更新信息链接,我单击该链接,希望它将我发送到更新表单,在该表单中列出包含所有当前信息的表单。如果我说不通的话,我很抱歉。这很难解释,哈哈。这很有效!非常感谢你!关于如何获取@Lec的任何想法,在加载带有该帐户id的页面之前,您必须进行选择查询。如果我的答案解决了您当前的问题,请检查它是否正确。我将更新的.php代码更改为上述代码;它可以工作,但它也显示了这个错误:严格的标准:只有变量应该在第20行的/home3/tarb89/public_html/aususrpg.net/charbase/updated.php中通过引用传递,我会-我必须再等几分钟,然后它才会允许我。我需要一个单独的select查询吗:$result=mysqli_query$con,从id=“$id”的字符中选择*;我将update.php代码更改为上面列出的代码;没有错误,但返回:未找到字符。。。在列出所有数据库数据的索引页上,有一个更新信息链接,我单击该链接,希望它将我发送到更新表单,在该表单中列出包含所有当前信息的表单。如果我说不通的话,我很抱歉。这很难解释,哈哈。