Jump to content

Warning: mysqli_error() expects exactly 1 parameter, 0


capt1701b

Recommended Posts

Hi all,

 

Can anyone help as I get this error 

 

Warning: mysqli_error() expects exactly 1 parameter, 0 given in /home/ubuntu/workspace/Project/Admin.php on line 48 Call Stack: 0.0011 239616 1. {main}() /home/ubuntu/workspace/Project/Admin.php:0 0.0028 249744 2. mysqli_error() /home/ubuntu/workspace/Project/Admin.php:48 Error in query: INSERT `Membership` (`First_Name`, `Surname`, `Gender`, `DOB`, `Email Address`, `Password`) VALUES ('ewqewq', 'qweqw', '', '1966','eqweqe', 'eqwe').

<?php
//include files
include 'header/header.php';
include 'nav/navigation.php';
include 'init.php';

print_r ($_POST);
echo "<br />";
if (isset($_POST['loginSubmit']))
{
$firstname = $_POST['txtFirstName'] ;
$surname = $_POST['txtSurname'] ;
$gender = $_POST['myList'];
$email =$_POST['txtEmail'];
$password = $_POST['txtPass'];
$DOB = $_POST['edob'];



echo "$firstname";
echo "<br />";
echo "$surname";
echo "<br />";
echo "$gender";
echo "<br />";
echo "$email";
echo "<br />";
echo "$password";
echo "<br />";
echo "$DOB";
echo "<br />";

}

//run $query
//(b)Construct INSERT query using variables holding data gathered
$query =  "INSERT  `Membership` (`First_Name`, `Surname`, `Gender`, `DOB`, `Email Address`, `Password`) VALUES ('$firstname', '$surname', '$gender', '$DOB','$email', '$password')";

//Temporarily echo $query for debugging purposes	
echo "$query";

//run $query
include 'init.php';
echo "<br />";
//echo "$query";
echo "<br />";
$result = mysqli_query($connection,$query) or exit ("Error in query: $query. ".mysqli_error()); 
?>
<div class="large-6 columns">
 <form method="post" action="Admin.php">
 <fieldset>
          <legend>Registration Form</legend>
<label>
 <fieldset>
          <legend>First Name</legend>
<input type="text"name="txtFirstName" placeholder="Your first Name" 
 </fieldset>
</label>
 <fieldset>
          <legend>Surname</legend>
          
<label>
 <input type="text"name="txtSurname" placeholder="Your Surame" 
       </fieldset>
</label>
 <fieldset>
          <legend>Gender</legend>
          
     
             <select name="Gender"id =  "myList">
               <option value = "Male">Male</option>
               <option value = "Female">Female</option>
             </select>
          
       </fieldset>
    <fieldset>
          <legend>DOB</legend>
          <div class="small-6 columns">
  <tr> <th> <td>
 <select size="1" name="edob" value="date">
   <option>date</option>
   <option>1</option>
   <option>2</option>
   <option>3</option>
   <option>4</option>
   <option>5</option>
   <option>6</option>
   <option>7</option>
   <option>8</option>
   <option>9</option>
   <option>10</option>
   <option>11</option>
   <option>12</option>
   <option>13</option>
   <option>14</option>
   <option>15</option>
   <option>16</option>
   <option>17</option>
   <option>18</option>
   <option>19</option>
   <option>20</option>
   <option>21</option>
   <option>22</option>
   <option>23</option>
   <option>24</option>
   <option>25</option>
   <option>26</option>
   <option>27</option>
   <option>28</option>
   <option>29</option>
   <option>30</option>
   <option>31</option>
</select>
  <select size="1" name="edob" value="month">  </th>
  <option>month</option>
   <option>Jan</option>
   <option>Feb</option>
   <option>Mar</option>
   <option>Apr</option>
   <option>May</option>
   <option>June</option>
   <option>July</option>
   <option>Aug</option>
   <option>Sep</option>
   <option>Oct</option>
   <option>Nov</option>
   <option>Dec</option>
</select>

   <select size="1" name="edob" value="Year">
   <option>Year</option>
   <option>1966</option>
   <option>1967</option>
   <option>1968</option>
   <option>1969</option>
   <option>1970</option>
   <option>1971</option>
   <option>1972</option>
   <option>1973</option>
   <option>1974</option>
   <option>1975</option>
   <option>1976</option>
   <option>1977</option>
   <option>1978</option>
   <option>1979</option>
   <option>1980</option>
   <option>1981</option>
   <option>1982</option>
   <option>1982</option>
   <option>1983</option>
   <option>1984</option>
   <option>1985</option>
   <option>1986</option>
   <option>1987</option>
   <option>1988</option>
   <option>1989</option>
   <option>1990</option>
   <option>1991</option>
   <option>1992</option>
   <option>1993</option>
   <option>1994</option>
   <option>1995</option>
   <option>1996</option>
   <option>1997</option>
   <option>1998</option>
   <option>1999</option>
   <option>2000</option>
   <option>2001</option>
   <option>2002</option>
   <option>2003</option>
   <option>2004</option>
   <option>2005</option>
   <option>2006</option>
   <option>2007</option>
   <option>2008</option>
   <option>2009</option>
   <option>2010</option>
   </div>
</select> </td></tr>
 </fieldset>
 <fieldset>
          <legend>Email Address</legend>
<label>
<input type="text" name="txtEmail" placeholder="Your email address">
</label>
</fieldset>
<fieldset>
          <legend>Password</legend>
<label>
<input type="text" name="txtPass" placeholder="Your password">
</label>
<label>
<input type="text" placeholder="Confirm your password">
</fieldset>
</label>
<button name="loginSubmit" class="Submit" value="Submit" >Submit</button>
<button class="reset" value="Clear" >Clear</button>
</form>
</div>
</div>

<?php
//include files
include 'footer/footer.php';
?>
  <script src="js/vendor/jquery.js"></script>
  <script src="js/foundation.min.js"></script>
  <script>
 
  </script>
  </body>
Link to comment
Share on other sites

Switching from the old mysql_* functions to the new mysqli_* functions takes a lot more than adding an “i” everyhwere. Or adding connection arguments.

 

You first have to unlearn plenty of wrong practices: Your code has SQL injection vulnerabilities all over the place, and printing error messages on the screen isn't very smart either. It gives attackers valuable information about your system, and it makes legitimate users think your website is fudged up.

 

Then you need to actually learn mysqli. The old extension represented the technology of the 90s, mysqli is a database interface for the 21st century and often takes a very different approach. For example, passing data to queries is now implemented with prepared statements, which provides much better protection against SQL injection attacks. mysqli also supports exceptions to properly indicate errors.

 

Unfortunately, mysqli is fairly difficult to learn, especially when you don't like to read manuals. A much better alternative is the PDO extension. Since you haven't invested any time into mysqli yet, now would be a great time to jump straight to PDO.

Link to comment
Share on other sites

Hi Jacques1,

 

The site is just for demo only and a work in progress

 

The reason for displaying the details was for testing purposes, these will be removed when the required section is working. MySQL may have vulnerabilities but these are going to be addressed shortly and it will help in learning about sql injection attacks for my course.  

Link to comment
Share on other sites

I don't think you're getting my point. You invest time for turning broken mysql_* code into broken mysqli_* code. Why on earth would you do that? If you don't care about broken code, just keep your old mysql_* functions and then go straight to PDO when you rewrite everything.

Link to comment
Share on other sites

Additionally, do not depend on the name of a button for your script to work. It will completely fail in certain circumstances. The proper way is to check the request method.

 

if ($_SERVER['REQUEST_METHOD'] == 'POST')

 

Also, do not create variables for nothing.

 

You are mixing case for your attribute names. Stick to all lowercase with underscores_for_long_words.

 

Since you are processing in the same page (as you should), remove the hardcoded action and filename. You can leave it out completely and the page will submit to itself.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.