mysqli_real_escape_string() expects exactly 2 parameters, 1 given Fatal Error

Question

I keep getting this errors and I am having problems fixing that, am not good in PHP because am still learning. I am working on a registration form and am using PHP 5.6. I ha

Answer 1

To technically answer this, both of these functions require a db connection be passed and as the first parameter, as per the manuals:

• http://php.net/manual/en/mysqli.query.php
• http://php.net/manual/en/mysqli.real-escape-string.php

Then in comments you state that you are using PDO to connect with.

Those different MySQL APIs do not intermix. You need to use the same one from connecting to querying. Therefore, if you want to continue to use a PDO connection, you will need to use the PDO functions to query with and not mysqli_*.

• Start with the manual: http://php.net/manual/en/book.pdo.php it's all in there.

And for PDO prepared statements:

• http://php.net/pdo.prepared-statements

Check for errors also:

• http://php.net/manual/en/pdo.error-handling.php (PDO)
• http://php.net/manual/en/function.error-reporting.php (PHP)

Passwords

I also noticed that you are attemtpting to store passwords MD5. This is not recommended as it is no longer considered safe to use as a password storing function.

• If you are intending on going LIVE with this, don't.

Use one of the following:

• CRYPT_BLOWFISH
• crypt()
• bcrypt()
• scrypt()
• On OPENWALL
• PBKDF2
• PBKDF2 on PHP.net
• PHP 5.5's password_hash() function.
• Compatibility pack (if PHP < 5.5) https://github.com/ircmaxell/password_compat/

Other links:

• PBKDF2 For PHP

Important sidenote about column length:

If and when you do decide to use password_hash() or crypt, it is important to note that if your present password column's length is anything lower than 60, it will need to be changed to that (or higher). The manual suggests a length of 255.

You will need to ALTER your column's length and start over with a new hash in order for it to take effect. Otherwise, MySQL will fail silently.

---

As I also stated:

if (isset($_SESSION['user']) != "") will give you a false positive.

The syntax is: if isset AND equals to, and not if isset equals to which is what it is presently being interpreted as.

Use:

if (isset($_SESSION['user']) && $_SESSION['user'] != "")

In regards to your POST arrays.

Make sure the HTML form you are using does use a POST method and that all elements hold their respective name attributes.

I.e.: etc.

Note that name="fullname" and name="FullName" are two different animals.

• Those are case-sensitive.

It is also suggested to add exit; after each header, otherwise your code may want to continue to execute.

header("Location: index.html");
exit;