mysqli_real_escape_string() returning empty string
Question
anyone have this solution??i am having this problem from this evening after sudden blue screen error. I was using this simple code to implement session in project something worked but after that mysterious restart this thing is acting weird!!!!
This code is supposed to work!!!!
UPDATE: Took care of some minor mistakes and its fully operational now :)
<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysqli_connect("localhost", "root", "root","company");// Selecting Database
if (!$connection) {
die("Connection failed: " . mysqli_connect_error());
}
// To protect MySQL injection for Security purpose
//$username = stripslashes($username);
//$password = stripslashes($password);
$username = mysqli_real_escape_string($connection,$username);
$password = mysqli_real_escape_string($connection,$password);
// SQL query to fetch information of registerd users and finds user match.
$query = "select * from login where password='$password' AND username='$username'";
//$query = "select * from login where password='".$password."' AND username='".$username."'";
$result=mysqli_query($connection,$query);
$rows = mysqli_num_rows($result);
if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: profile.php"); // Redirecting To Other Page
}
else {
$error = "Username or Password Invalid";
}
mysqli_close($connection); // Closing Connection
}
}
?>
Output image(before editing) -
3 answers
solution1
0 ACCPTED 2015-11-27 13:39:12
mysqli_real_escape_string($username) is missing a required parameter
The usage of mysqli_real_escape_string() function is following:
$con=mysqli_connect("localhost","my_user","my_password","my_db");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// escape variables for security
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
$lastname = mysqli_real_escape_string($con, $_POST['lastname']);
$age = mysqli_real_escape_string($con, $_POST['age']);
You have to add a $connection (your connection variable). So that it becomes: mysqli_real_escape_string($connection, $username)
http://www.w3schools.com/php/func_mysqli_real_escape_string.asp
solution2
0 2015-11-27 13:44:21
This is the escape string that I use
<?php
if (!function_exists('escapestring')) {
function escapestring($vconnection, $value, $datatype) {
$value = function_exists('mysqli_real_escape_string') ? mysqli_real_escape_string($vconnection, $value) : mysqli_escape_string($vconnection, $value);
switch ($datatype) {
case 'text':
$value = ($value != '') ? "'" . $value . "'" : "'na'";
break;
case 'int':
$value = ($value != '') ? intval($value) : "'na'";
break;
case 'float':
$value = ($value != '') ? floatval($value) : "'na'";
break;
case 'date':
$value = ($value != '') ? "'" . $value . "'" : "'na'";
break;
}
return $value;
}
}
?>
solution3
0 2015-11-27 13:51:35
Your query is not using quotes properly it will take '$password' and '$username' as it is instead of their values, change it to this-
$query = "select * from login where password='".$password."' AND username='".$username."'";
Instead of this
$query = "select * from login where password='$password' AND username='$username'";
plus you need to use mysqli_close() instead of mysql_close() and mysqli_real_escape_string($connection, $username) as suggested by pavlovich .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.