I have a secured area of my site where I can add/update/delete database entries. I am trying to update the script from mysql to mysqli. Everything works except for the "update" part. When I fill in the new information and click "update", it gives me this error:
Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli,
string given in
/home3/tarb89/public_html/aususrpg.net/charbase/updated.php on line 19
I'm not sure what is wrong here; I'm a complete newbie, so my apologies.
Here is my update.php code:
// Create connection
$con=mysqli_connect("xxx","xxx","xxx","xxx");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$id = $_GET['id'];
$result = mysqli_query($con,"SELECT * FROM characters WHERE id = '$id'");
$my_array = array($c_z);
extract($my_array);
?>
Name: | |
The other issue I have with the update.php page is when it displays the table, the inputs should display the information already listed in the database; currently, it shows the name field but the input section is empty. It should display the name data already in the database (then I can replace it with whatever I want it to update as.)
Here is the updated.php code:
// Create connection
$con=mysqli_connect("xxx","xxx","xxx","xxx");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$id = $_POST['id'];
$name = mysqli_real_escape_string(trim($_POST["name"]), $con);
$rsUpdate = mysqli_query($con,"UPDATE characters SET name='$name'
WHERE id='$id'");
if($rsUpdate) { echo "Successfully updated"; } else { die('Invalid query: '.mysql_error()); }
?>
Any help would be greatly appreciated. This thing is driving me bonkers.
Different issue: see above update.php code.
When I click on a link next to a database entry, called "Update Information", it takes me to update.php?id=charactersid
Currently, it displays an empty input form. I can input information and hit "update" and it WILL update correctly.
However, when I am taken to the update.php page, I want it to display the input form except the values should all equal what is already in the database.
For example:
What it currently shows:
Name: [empty input box]
What I want it to show:
Name: [current name listed in the database]
So the value of the input should be the information for that character; so that when I want to update, I can see what is already listed as information for that character and change/delete/add whatever else I need to.
Does that make more sense?
Solution
You're using it the opposite way:
string mysqli_real_escape_string ( mysqli $link , string $escapestr )
So it should be:
$name = mysqli_real_escape_string($con, trim($_POST["name"]));
Since you're using MySQLi, I would suggest you just jump into prepared statements rather than real_escape, like this:
<?php
// Your database info
$db_host = 'host';
$db_user = 'user';
$db_pass = 'pass';
$db_name = 'database';
// POST data
$id = $_POST['id'];
$name = trim($_POST["name"]);
// mysqli_connect() returns false on failure, so test the return value
// rather than reading a property from it
$con = mysqli_connect($db_host, $db_user, $db_pass, $db_name);
if (!$con)
{
    die('Connect Error (' . mysqli_connect_errno() . ') '. mysqli_connect_error());
}
// Placeholders (?) keep user input out of the SQL text
$sql = "UPDATE characters SET name = ? WHERE id = ?";
if (!$result = $con->prepare($sql))
{
    die('Query failed: (' . $con->errno . ') ' . $con->error);
}
// 's' = string for name, 'i' = integer for id
if (!$result->bind_param('si', $name, $id))
{
    die('Binding parameters failed: (' . $result->errno . ') ' . $result->error);
}
if (!$result->execute())
{
    die('Execute failed: (' . $result->errno . ') ' . $result->error);
}
$result->close();
$con->close();
echo "Successfully updated";
?>
To select the character name:
<?php
// Your database info
$db_host = 'host';
$db_user = 'user';
$db_pass = 'pass';
$db_name = 'database';
// update.php is opened as update.php?id=..., so the id arrives in the query string
$id = $_GET['id'];
// mysqli_connect() returns false on failure, so test the return value
$con = mysqli_connect($db_host, $db_user, $db_pass, $db_name);
if (!$con)
{
    die('Connect Error (' . mysqli_connect_errno() . ') '. mysqli_connect_error());
}
$sql = "SELECT name FROM characters WHERE id = ?";
if (!$result = $con->prepare($sql))
{
    die('Query failed: (' . $con->errno . ') ' . $con->error);
}
// 'i' = bind id as an integer
if (!$result->bind_param('i', $id))
{
    die('Binding parameters failed: (' . $result->errno . ') ' . $result->error);
}
if (!$result->execute())
{
    die('Execute failed: (' . $result->errno . ') ' . $result->error);
}
// Buffer the result so num_rows is available
$result->store_result();
if ($result->num_rows == 0)
{
    die('No character found...');
}
$result->bind_result($name);
$result->fetch();
$result->close();
$con->close();
// Escape before output so the stored name cannot inject HTML
echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
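An added example, not part of the original answer: one way update.php could combine the SELECT above with the pre-filled form the question asks for. It assumes the `characters` table with `id` and `name` columns and the `id`/`name` POST fields read by updated.php; the connection values are placeholders and the helper names `fetch_character_name` and `render_update_form` are hypothetical.

```php
<?php
// Added example: update.php that pre-fills the form from the database.
// Connection values are placeholders; helper names are hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors

// Fetch one character's name with a prepared statement; null if no such row.
function fetch_character_name(mysqli $con, int $id): ?string
{
    $stmt = $con->prepare('SELECT name FROM characters WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($name);
    $found = $stmt->fetch();   // true = row fetched, null = no row
    $stmt->close();
    return $found ? $name : null;
}

// Build the form; the stored name is HTML-escaped before it enters an attribute.
function render_update_form(int $id, string $name): string
{
    $safeName = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    return '<form action="updated.php" method="post">'
         . '<input type="hidden" name="id" value="' . $id . '">'
         . 'Name: <input type="text" name="name" value="' . $safeName . '">'
         . '<input type="submit" value="Update">'
         . '</form>';
}

// The id comes from update.php?id=...; accept only a positive integer.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT,
                   ['options' => ['min_range' => 1]]);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('Invalid character id');
}

try {
    $con  = new mysqli('host', 'user', 'pass', 'database'); // placeholders
    $name = fetch_character_name($con, $id);
    $con->close();
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());   // keep database details out of the page
    http_response_code(500);
    exit('Database error');
}
if ($name === null) {
    http_response_code(404);
    exit('No character found');
}
echo render_update_form($id, $name);
```

The prepared statement keeps the id out of the SQL text, while `htmlspecialchars()` handles the separate problem of a stored name containing quotes or markup breaking out of the `value` attribute.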