警告:mysql_real_escape_string()期望参数2为resource,null给定

时间:2013-12-27 12:34:03

标签: php mysql

这是我的我的编码

当我尝试运行编码时,我得到2个错误

  

警告:mysql_real_escape_string()期望参数2为资源,在第9行的/home/a5008269/public_html/Login.php中给出为null

PHP错误消息

  

警告:mysql_real_escape_string()期望参数2为资源,在第10行的/home/a5008269/public_html/Login.php中给出null

出于某种原因,我在第9行和第10行中收到2个警告

请帮帮我

<?php
require_once('connector.php');
$error_msg = "";
if (!isset($_COOKIE['user_id'])) {
    if (!isset($_POST['submit'])) {
        $pass = hash('whirlpool', $_POST['password']);
        $user_username = mysql_real_escape_string(CONNECT, $_POST['username']);
        $user_pass = mysql_real_escape_string(CONNECT, $_POST['password']);

        if (!empty($user_username) && !empty($user_pass)) {
            $pass = hash('whirlpool', $user_pass);
            $query = "SELECT * FROM playerinfo WHERE user =  '$user_username' AND password = '$pass'";

            $result = mysqli_query(CONNECT, $query);

            if (mysqli_num_row == 1) {
                $row = mysqli_fetch_array($result);
                setcookie('user_id', 1);
                setcookie('username', $row['name']);
                setcookie('level', $row['adminlvl']);
                $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.php';
                header('Location: ' . $url);
            } else {
                $error_msg = 'Invalid Creditals';
            }
        } else {
            $error_msg = 'Username Or Password field is left Empty';
        }
    }
}
?>
<html>
    <head>
        <title> Limitless Gaming ACP Login </title>
    </head>
    <body>
        <h3> Log In </h3>
<?php
if (empty($_COOKIE['user_id'])) {
    echo ' error logging in ';
    ?>
            <form method = "post" action = "<?php echo $_SERVER['PHP_SELF']; ?>">
                <fieldset>
                    <legend> Log In </legend>
                    <label for="username"> username </label>
                    <input type="text" id="username" name="username"
                           value="<?php if (!empty($user_username)) echo $user_username; ?>" /><br />
                    <label for="password"> password </label>
                    <input type="password" id="password" name="password" />
                </fieldset>
                <input type="submit" value="log in" name="submit" />
            </form>
    <?php
}
else {
    echo ('<p class="login"> You Are Logged in as ' . $_COOKIE['username'] . '.</p>');
}
?>

    </body>
</html>

3 个答案:

答案 0 :(得分:0)

if (!isset($_POST['submit']))  
{  
$pass = hash('whirlpool', $_POST['password']);
$user_username = mysql_real_escape_string(CONNECT, $_POST['username']);
$user_pass = mysql_real_escape_string(CONNECT, $_POST['password']);

如果未设置$ _POST(如此处所示),您将在密码和用户名中没有现有值,因此警告

答案 1 :(得分:0)

你把两个参数反转了。 试试这个:

$user_username = mysql_real_escape_string($_POST['username'], CONNECT);
$user_pass = mysql_real_escape_string($_POST['password'], CONNECT);

另请考虑使用PDO而不是字符串转义。 PDO有不同的逻辑,他自己处理转义

答案 2 :(得分:0)

取决于CONNECT是什么,但是当CONNECT是MySQL连接时,你在mysql_real_escape_string中的顺序错误。

string mysql_real_escape_string ( string $unescaped_string [, 
                                  resource $link_identifier = NULL ] )

请用mysqliPDO编写新代码,因为不推荐使用mysql。

您可以查看mysql_real_escape_string()的manuel页面和已弃用的警告。

相关问题
最新问题