Apeshape

Do you mean the user of upper cases. Does that make a difference?

Hi, basically I have this snippet some of which I am trying to move into a function. In its current form it works OK, but when I try to call for it within my function it does not : Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, object given in C:\xampp\htdocs\1\assets\includes\memberfunc.php on line 18 Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, null given in C:\xampp\htdocs\1\login.php on line 106 Acess denied, wrong username or password? Here's the function. function logcon($user, $password ) { $esc_user = mysqli_real_escape_string($this->conn, $user); $esc_password = mysqli_real_escape_string($this->conn,$password); $sql = "select * all from users where username ='{$user}' AND password='{$password}'"; $result = mysqli_query($this->conn, $sql); $row = mysqli_fetch_array($this->conn, $result); return $row; } Here's the old, working code. if(isset($_POST['submit'])){ $user=$_POST['user']; $password=$_POST['password']; //To ensure that none of the fields are blank when submitting the form if if(isset($_POST['user']) && isset($_POST['password'])) { $user = stripslashes($user); $password = stripslashes($password); $db1=new dbmember(); $db1->openDB(); $sql="SELECT * FROM users WHERE username='{$user}' AND password='{$password}'"; $result=$db1->logcon($user, $password); $row=mysqli_fetch_array($result); if($row[0]==1) { session_start(); $_SESSION['user'] = $user; $_SESSION['password'] = $password; $_SESSION['loggedin'] = "true"; header("location:index.php"); } Any help on this would be fantastic. I'm pretty stuck.

OK thanks. If I understand correctly, would I be able to move (and would it be better practise to) mysqli_real_escape() to objects within a function. Here's one I'm designing right now. function logcon($user, $password ) { $esc_user = mysqli_real_escape_string($this->conn, $name); $esc_password = mysqli_real_escape_string($this->conn,$address); $sql = "select * all from users where username ='{$user}' AND password='{$password}"; //(rest to be written) } And at the same time, on the page I could remove this altogether? $user = mysqli_real_escape_string($con, $user); And a bit like your example, use this to make a instance? $user = $con->escape($user); Any further guidance on finishing this script? Thanks

Certainly, thanks for asking. $con=new dbmember(); $con->openDB(); //$con =mysqli_connect("hidden","hidden","hidden","hidden"); this was my old way of setting up $con for use further down the code. if(isset($_POST['submit'])){ $user=$_POST['user']; $password=$_POST['password']; //To ensure that none of the fields are blank when submitting the form if if(isset($_POST['user']) && isset($_POST['password'])) { $user = stripslashes($user); $password = stripslashes($password); $user = mysqli_real_escape_string($con, $user); // ERROR 1 $password = mysqli_real_escape_string($con, $password); //ERROR 2.

Thank you...here we go. class dbmember() var conn; function openDB() { include("/assets/configs/db_config.php"); $conn = mysqli_connect('hidden', 'hidden', 'hidden', 'hidden'); //$conn = mysqli_connect($config["host"] , $config["username"], $config["password"],$config["dbname"]); not in use // 1. Create a database connection if (!$conn) { $this->error_msg = "connection error could not connect to the database:! "; return false; } $this->conn = $conn; return true; } db_config.php <?php //Save it as db_config.php $host = 'hidden'; $username = 'hidden'; $password = 'hidden'; $dbname = 'hidden'; $mysqli = new mysqli($host , $username , $password ,$dbname); $conn= mysqli_connect($host, $username, $password, $dbname); return array("host"=>"hidden", "dbname"=>"hidden", "username"=>"hidden", "hidden"=>""); define("HOST", "hidden"); define("USER", "hidden"); define("PASSWORD", "hidden"); define("DATABASE", "hidden"); //loads of funky stuff going on here, I know...Tried a lot of things to get the login connection mysqli connection mysqli_report(MYSQLI_REPORT_ERROR); ?> Thanks a lot. Keith

Been required to stick to sqli for this. Can you think of any way I can initiate the variables needed to satisify mysqli_real_escape_string without defining the connection on-page? Thank you. Keith Tyrell

Hi all, Currently I am using $con=mysqli_connect("x","x","x","x"); On my login page to satisfy the the connection variable for mysqli_real_escape_string($con, $x) This works OK. However I have been told it's very bad to put my connection information on my login page, and I must change it. So I have moved $con=mysqli_connect("x","x","x","x"); into my class method, and then called for it like so : $con=new dbclass(); $con->openDB(); However despite this, mysqli_real_escape is returning : Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, object given in C:\xampp\htdocs\c\login.php on line 103 Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, object given in C:\xampp\htdocs\c\login.php on line 104 Warning: mysqli_query() expects parameter 1 to be mysqli, object given in C:\xampp\htdocs\c\login.php on line 109 Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, null given in C:\xampp\htdocs\c\login.php on line 111 Acess denied, wrong username or password? This is the method I'm using to do this. function openDB() { include("/assets/configs/db_config.php"); $conn = mysqli_connect('x', 'x', 'x', 'xxt'); // 1. Create a database connection if (!$conn) { $this->error_msg = "connection error could not connect to the database:! "; return false; } $this->conn = $conn; return true; } Can anyone make any suggestions on what I can do. Any code examples based on my code would also be very useful. Thanks, Keith Tyrell