添加链接
link管理
链接快照平台
  • 输入网页链接,自动生成快照
  • 标签化管理网页链接
Why did I get this error message? mysqli_query() expects at least 2 arguments. Please take a look at my code to understand this better, kindly help me to troubleshoot where the error is. Thanks.
$email = $_POST['username'];
$pass = $_POST['password'];
#DATABASE QUERY
$logi = mysqli_query("SELECT *
FROM nuser
WHERE email='$email'
AND password='$pass'");
if($logi){
if(mysqli_num_rows($logi) > 0) {
$user = mysqli_fetch_assoc($logi);
session_regenerate_id();
$_SESSION["id"] = $user["id"];
$_SESSION["name"] = $user["name"];
$_SESSION["address"] = $user["address"];
$_SESSION["email"] = $user["email"];
$_SESSION["account"] = $user["account"];
$_SESSION["pics"] = $user["pics"];
$_SESSION["pnum"] = $user["pnum"];
session_write_close();
header ("Location: dash.php");
} else {
header ("Location: index.php?incorrect");
echo'';
What I have tried:
I have tried asking question as to why I'm getting the error.
I changed the table name and the error still persist
Your code is vulnerable to SQL Injection [ ^ ]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.
PHP: SQL Injection - Manual [ ^ ]
PHP: Prepared statements and stored procedures - Manual [ ^ ]

And as mentioned in solution 1, never store your passwords in plain text. PHP has built-in functions to help you do the right thing:
PHP: password_hash [ ^ ]
PHP: password_verify [ ^ ]
If you look at the documentation it's pretty obvious: PHP: mysqli::query - Manual [ ^ ]
The error message is even telling you explicitly what is wrong: you need 2 arguments to call the function, and you only pass it one.
What connection to the database is it supposed to use if you don't supply one?
On, and by the way ... never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it. [ ^ ]
And remember: this is web based, so if you have any European Union users then GDPR applies and that means you need to handle passwords as sensitive data and store them in a safe and secure manner. Text is neither of those and the fines can be .... um ... outstanding. In December 2018 a German company received a relatively low fine of €20,000 for just that.
  • Read the question carefully.
  • Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
  • If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
  • Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question. Let's work to help developers, not make them feel stupid.
  •