Warning: mysqli_error() expects exactly 1 parameter, 0

[capt1701b]

Hi all,

 

Can anyone help as I get this error 

 

Warning: mysqli_error() expects exactly 1 parameter, 0 given in /home/ubuntu/workspace/Project/Admin.php on line 48 Call Stack: 0.0011 239616 1. {main}() /home/ubuntu/workspace/Project/Admin.php:0 0.0028 249744 2. mysqli_error() /home/ubuntu/workspace/Project/Admin.php:48 Error in query: INSERT `Membership` (`First_Name`, `Surname`, `Gender`, `DOB`, `Email Address`, `Password`) VALUES ('ewqewq', 'qweqw', '', '1966','eqweqe', 'eqwe').

<?php
//include files
include 'header/header.php';
include 'nav/navigation.php';
include 'init.php';

print_r ($_POST);
echo "<br />";
if (isset($_POST['loginSubmit']))
{
$firstname = $_POST['txtFirstName'] ;
$surname = $_POST['txtSurname'] ;
$gender = $_POST['myList'];
$email =$_POST['txtEmail'];
$password = $_POST['txtPass'];
$DOB = $_POST['edob'];



echo "$firstname";
echo "<br />";
echo "$surname";
echo "<br />";
echo "$gender";
echo "<br />";
echo "$email";
echo "<br />";
echo "$password";
echo "<br />";
echo "$DOB";
echo "<br />";

}

//run $query
//(b)Construct INSERT query using variables holding data gathered
$query =  "INSERT  `Membership` (`First_Name`, `Surname`, `Gender`, `DOB`, `Email Address`, `Password`) VALUES ('$firstname', '$surname', '$gender', '$DOB','$email', '$password')";

//Temporarily echo $query for debugging purposes	
echo "$query";

//run $query
include 'init.php';
echo "<br />";
//echo "$query";
echo "<br />";
$result = mysqli_query($connection,$query) or exit ("Error in query: $query. ".mysqli_error()); 
?>
<div class="large-6 columns">
 <form method="post" action="Admin.php">
 <fieldset>
          <legend>Registration Form</legend>
<label>
 <fieldset>
          <legend>First Name</legend>
<input type="text"name="txtFirstName" placeholder="Your first Name" 
 </fieldset>
</label>
 <fieldset>
          <legend>Surname</legend>
          
<label>
 <input type="text"name="txtSurname" placeholder="Your Surame" 
       </fieldset>
</label>
 <fieldset>
          <legend>Gender</legend>
          
     
             <select name="Gender"id =  "myList">
               <option value = "Male">Male</option>
               <option value = "Female">Female</option>
             </select>
          
       </fieldset>
    <fieldset>
          <legend>DOB</legend>
          <div class="small-6 columns">
  <tr> <th> <td>
 <select size="1" name="edob" value="date">
   <option>date</option>
   <option>1</option>
   <option>2</option>
   <option>3</option>
   <option>4</option>
   <option>5</option>
   <option>6</option>
   <option>7</option>
   <option>8</option>
   <option>9</option>
   <option>10</option>
   <option>11</option>
   <option>12</option>
   <option>13</option>
   <option>14</option>
   <option>15</option>
   <option>16</option>
   <option>17</option>
   <option>18</option>
   <option>19</option>
   <option>20</option>
   <option>21</option>
   <option>22</option>
   <option>23</option>
   <option>24</option>
   <option>25</option>
   <option>26</option>
   <option>27</option>
   <option>28</option>
   <option>29</option>
   <option>30</option>
   <option>31</option>
</select>
  <select size="1" name="edob" value="month">  </th>
  <option>month</option>
   <option>Jan</option>
   <option>Feb</option>
   <option>Mar</option>
   <option>Apr</option>
   <option>May</option>
   <option>June</option>
   <option>July</option>
   <option>Aug</option>
   <option>Sep</option>
   <option>Oct</option>
   <option>Nov</option>
   <option>Dec</option>
</select>

   <select size="1" name="edob" value="Year">
   <option>Year</option>
   <option>1966</option>
   <option>1967</option>
   <option>1968</option>
   <option>1969</option>
   <option>1970</option>
   <option>1971</option>
   <option>1972</option>
   <option>1973</option>
   <option>1974</option>
   <option>1975</option>
   <option>1976</option>
   <option>1977</option>
   <option>1978</option>
   <option>1979</option>
   <option>1980</option>
   <option>1981</option>
   <option>1982</option>
   <option>1982</option>
   <option>1983</option>
   <option>1984</option>
   <option>1985</option>
   <option>1986</option>
   <option>1987</option>
   <option>1988</option>
   <option>1989</option>
   <option>1990</option>
   <option>1991</option>
   <option>1992</option>
   <option>1993</option>
   <option>1994</option>
   <option>1995</option>
   <option>1996</option>
   <option>1997</option>
   <option>1998</option>
   <option>1999</option>
   <option>2000</option>
   <option>2001</option>
   <option>2002</option>
   <option>2003</option>
   <option>2004</option>
   <option>2005</option>
   <option>2006</option>
   <option>2007</option>
   <option>2008</option>
   <option>2009</option>
   <option>2010</option>
   </div>
</select> </td></tr>
 </fieldset>
 <fieldset>
          <legend>Email Address</legend>
<label>
<input type="text" name="txtEmail" placeholder="Your email address">
</label>
</fieldset>
<fieldset>
          <legend>Password</legend>
<label>
<input type="text" name="txtPass" placeholder="Your password">
</label>
<label>
<input type="text" placeholder="Confirm your password">
</fieldset>
</label>
<button name="loginSubmit" class="Submit" value="Submit" >Submit</button>
<button class="reset" value="Clear" >Clear</button>
</form>
</div>
</div>

<?php
//include files
include 'footer/footer.php';
?>
  <script src="js/vendor/jquery.js"></script>
  <script src="js/foundation.min.js"></script>
  <script>
 
  </script>
  </body>

[NigelRel3]

The error is very clear - mysqli_error expects a parameter - usually...

mysqli_error($connection)

[Jacques1]

Switching from the old mysql_* functions to the new mysqli_* functions takes a lot more than adding an “i” everyhwere. Or adding connection arguments.

 

You first have to unlearn plenty of wrong practices: Your code has SQL injection vulnerabilities all over the place, and printing error messages on the screen isn't very smart either. It gives attackers valuable information about your system, and it makes legitimate users think your website is fudged up.

 

Then you need to actually learn mysqli. The old extension represented the technology of the 90s, mysqli is a database interface for the 21st century and often takes a very different approach. For example, passing data to queries is now implemented with prepared statements, which provides much better protection against SQL injection attacks. mysqli also supports exceptions to properly indicate errors.

 

Unfortunately, mysqli is fairly difficult to learn, especially when you don't like to read manuals. A much better alternative is the PDO extension. Since you haven't invested any time into mysqli yet, now would be a great time to jump straight to PDO.

Edited April 15, 2017 by Jacques1

[capt1701b]

Hi Jacques1,

 

The site is just for demo only and a work in progress

 

The reason for displaying the details was for testing purposes, these will be removed when the required section is working. MySQL may have vulnerabilities but these are going to be addressed shortly and it will help in learning about sql injection attacks for my course.  

[Jacques1]

I don't think you're getting my point. You invest time for turning broken mysql_* code into broken mysqli_* code. Why on earth would you do that? If you don't care about broken code, just keep your old mysql_* functions and then go straight to PDO when you rewrite everything.

[benanamen]

Additionally, do not depend on the name of a button for your script to work. It will completely fail in certain circumstances. The proper way is to check the request method.

 

if ($_SERVER['REQUEST_METHOD'] == 'POST')

 

Also, do not create variables for nothing.

 

You are mixing case for your attribute names. Stick to all lowercase with underscores_for_long_words.

 

Since you are processing in the same page (as you should), remove the hardcoded action and filename. You can leave it out completely and the page will submit to itself.

Edited April 15, 2017 by benanamen