Php mysqli\u real\u escape\u string()要求参数1为mysqli
这是我的完整代码 Connect.phpPhp mysqli\u real\u escape\u string()要求参数1为mysqli,php,Php,这是我的完整代码 Connect.php $connect = @mysql_connect ($host, $username, $password, $db_name) or die ('error'); $select = @mysql_select_db($db_name, $connect) or die('check'); password.php //forgot password update include('C:\wamp\www\header.html'); //ch
$connect = @mysql_connect ($host, $username, $password, $db_name) or die ('error');
$select = @mysql_select_db($db_name, $connect) or die('check');
password.php
//forgot password update
include('C:\wamp\www\header.html');
//check if form has been submitted
include('C:\wamp\www\connect.php');
//connecting to db
$errors = array();
if(isset($_POST['submitted'])) {
if (empty($_POST['username']))
{
$errors[]='Please enter a username.';
}
else
{
$u = mysqli_real_escape_string($connect,trim($_POST['username']));
}
//check for current password
if (empty($_POST['password']))
{
$errors[]='Current password does not match.';
}
else
{
$p = mysqli_real_escape_string($connect,trim($_POST['password']));
}
//check for a new password and match with confirm pass.
if(!empty($_POST['password1']))
{
if($_POST['password1'] != $_POST['cpass'])
{
$errors[] = 'The entered password and confirm password do not match.';
}
else
{
$np = mysqli_real_escape_string($connect,trim($_POST['password1']));
}
}
if(empty($errors)){
//if everything is fine.
//verify the entered email address and password.
$q="SELECT username FROM users WHERE (username='$u' AND password=SHA1('$p'))";
$r=@mysqli_query($connect,$q);
$num = @mysqli_num_rows($r);
if($num==1)
//if it matches.
//get user id
{
$row=mysqli_fetch_array($r, MYSQLI_NUM);
//udpdate query.
$q="UPDATE users SET password= SHA1('$np') WHERE username=$row[0]";
$r=@mysqli_query($connect, $q);
if (mysqli_affected_rows($connect) ==1)
{
echo '<h3>Your password has been updated.</h3>';
}
else {
echo '<h3>Whops! Your password cannot be changed due a system error. Try again later. Sorry</h3>';
echo '<p>' .mysqli_error($connect). 'Query:' . $q.'</p>';
}
exit();
}
else
{
//invalid email and password
echo 'The entered username and password do not match.';
}
}
else
{
//report the errors.
echo '<h1> Err... </h1>
<p> The following error(s) have occured</p>';
foreach ($errors as $msg)
{
echo "--$msg<br />\n";
}
echo '</p><p>Please Try Again.</p><p><br/></p>';
}
mysqli_close($connect);
}
?>
<html>
<head></head>
<body>
<div id="container">
<h1>Change your password</h1>
<form action="password.php" method="post">
Username:<br>
<input type="text" name="username" size="20" maxlength="80" />
<br>
Current Password<br/>
<input type="password" name="password" />
<br/>
New Password<br/>
<input type="password" name="password1" />
<br/>
Confirm New Password<br/>
<input type="password" name="cpass" />
<br/>
<input type="submit" name="submit" value="Change Password"/>
<input type="hidden" name="submitted" value="TRUE"/>
</form>
</div>
<?php
include('C:\wamp\www\footer.html');
?>
mysqli\u real\u escape\u字符串
参数
链接
仅过程样式:由mysqli_connect或mysqli_init返回的链接标识符
逃逸
要转义的字符串
编码字符为NUL ASCII 0、\n、\r、\、'和Control-Z
第一个参数必须是链接标识符,而不是像看上去那样包含DB名称的字符串。第一个参数必须是链接标识符,由或返回的值
Blockquote查看连接到mysqlI后是否有资源我正在使用pHpMyadmin连接到数据库。$db_name是一个字符串,但必须是mysqlI资源。嘿,佩卡…很高兴听到你的消息…我如何使$db_name成为一个资源。很抱歉,问了一个愚蠢的问题。你能修改代码吗?谢谢我从佩卡的评论中看到了你的评论。在connect.php中,应该有一个$link=mysqli\u connect。。。或者类似的东西使用$link而不是$db\u name我已经编辑了我的帖子,其中显示了my connect.php是什么…再次感谢现在我得到了mysqli\u real\u escape\u string期望参数1是mysqli,在第27行的C:\wamp\www\password.php中给出的资源您用mysqli\u real\u escape\u string$connect更改了3个mysqli\u real\u escape\u字符串,什么字符串?那么你有一个愚蠢的mysqli_close$connect吗?哦,对了,$connect=@mysql_connect$host,$username,$password,$db_name或者死‘error’;而不是$connect=@mysql_connect$host、$username、$password或die'error';就像手册的最后一个例子一样