mysqli_real_escape_string（）返回空字符串

Question

anyone have this solution??i am having this problem from this evening after sudden blue screen error. I was using this simple code to implement session in project something worked but after that mysterious restart this thing is acting weird!!!!

This code is supposed to work!!!!

UPDATE: Took care of some minor mistakes and its fully operational now :)

    <?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
    if (empty($_POST['username']) || empty($_POST['password'])) {
        $error = "Username or Password is invalid";
        }
        else
        {
            // Define $username and $password
            $username=$_POST['username'];
            $password=$_POST['password'];
            // Establishing Connection with Server by passing server_name, user_id and password as a parameter
            $connection = mysqli_connect("localhost", "root", "root","company");// Selecting Database
            if (!$connection) {
                die("Connection failed: " . mysqli_connect_error());
                }
                // To protect MySQL injection for Security purpose
                //$username = stripslashes($username);
                //$password = stripslashes($password);

                $username = mysqli_real_escape_string($connection,$username);
                $password = mysqli_real_escape_string($connection,$password);



                // SQL query to fetch information of registerd users and finds user match.
                $query = "select * from login where password='$password' AND username='$username'";  

                //$query = "select * from login where password='".$password."' AND username='".$username."'";



                $result=mysqli_query($connection,$query);
                $rows = mysqli_num_rows($result);


                if ($rows == 1) {
                    $_SESSION['login_user']=$username; // Initializing Session
                    header("location: profile.php"); // Redirecting To Other Page
                    }
                    else {
                        $error = "Username or Password Invalid";
                        }
                        mysqli_close($connection); // Closing Connection
                        }
                        }
?>

Output image(before editing) -

Answer 1

mysqli_real_escape_string($username) is missing a required parameter

The usage of mysqli_real_escape_string() function is following:

$con=mysqli_connect("localhost","my_user","my_password","my_db");

// Check connection
if (mysqli_connect_errno()) {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

// escape variables for security
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
$lastname = mysqli_real_escape_string($con, $_POST['lastname']);
$age = mysqli_real_escape_string($con, $_POST['age']);

You have to add a $connection (your connection variable). So that it becomes: mysqli_real_escape_string($connection, $username)

http://www.w3schools.com/php/func_mysqli_real_escape_string.asp

Answer 2

This is the escape string that I use

<?php
if (!function_exists('escapestring')) {

function escapestring($vconnection, $value, $datatype) { 

  $value = function_exists('mysqli_real_escape_string') ? mysqli_real_escape_string($vconnection, $value) : mysqli_escape_string($vconnection, $value);

  switch ($datatype) { 
    case 'text':
      $value = ($value != '') ? "'" . $value . "'" : "'na'";
      break;      
    case 'int':
      $value = ($value != '') ? intval($value) : "'na'";
      break;  
    case 'float':
      $value = ($value != '') ? floatval($value) : "'na'";
      break;
    case 'date':
      $value = ($value != '') ? "'" . $value . "'" : "'na'";
      break; 
    }
    return $value;
    }
}
?>

Answer 3

Your query is not using quotes properly it will take '$password' and '$username' as it is instead of their values, change it to this-

$query = "select * from login where password='".$password."' AND username='".$username."'";

Instead of this

$query = "select * from login where password='$password' AND username='$username'";

plus you need to use mysqli_close() instead of mysql_close() and mysqli_real_escape_string($connection, $username) as suggested by pavlovich .