mysql_real_escape_string()期望参数为字符串

时间:2015-03-29 06:50:18

标签: php mysqli

我已经在000webhost.com上传了我的页面,修复了连接但是我的管理页面出了问题。它有这个错误。

警告:mysql_real_escape_string()期望参数1为字符串,对象在第36行的/home/a8431834/public_html/admin_area/login.php中给出

以下是我的代码。 

<?php 
session_start();

?>
<!DOCTYPE>
<html>
<head>
    <title>Login Form</title>
<link rel="stylesheet" href="styles/login_style.css" media="all" /> 

</head>
<body>
<div class="login">
<h2 style="color:white; text-align:center;"><?php echo @$_GET['not_admin']; ?></h2>


<h2 style="color:white; text-align:center;"><?php echo @$_GET['logged_out']; ?></h2>

<h1>Admin Login</h1>
<form method="post" action="login.php">
    <input type="text" name="email" placeholder="Email" required="required" />
    <input type="password" name="password" placeholder="Password" required="required" />
    <button type="submit" class="btn btn-primary btn-block btn-large" name="login">Login</button>
</form>
</div>


</body>
</html>
<?php 

include("includes/db.php"); 

if(isset($_POST['login'])){

    $email = mysql_real_escape_string($con, $_POST['email']);
    $pass = mysql_real_escape_string($con, $_POST['password']);

$sel_user = "select * from admins where user_email='$email' AND user_pass='$pass'";

$run_user = mysqli_query($con, $sel_user); 

 $check_user = mysqli_num_rows($run_user); 

if($check_user==1){

$_SESSION['user_email']=$email; 

echo "<script>window.open('index.php?logged_in=You have successfully Logged in!','_self')</script>";
}
else {
echo "<script>alert('Password or Email is wrong, try again!')</script>";
}

}
?>

1 个答案:

答案 0 :(得分:0)

您正在做的是将已弃用的mysql_mysqli_*混合使用,而不是使用mysql_real_escape_string使用mysqli_real_escape_string() 

$email = mysqli_real_escape_string($con, $_POST['email']);
$pass = mysqli_real_escape_string($con, $_POST['password']);

您可以了解有关mysqli_real_escape_string() on PHP manual

的更多信息

请注意使用已弃用的版本,如果您已经在其他任何地方完成,请先使用新版本更新这些功能

相关问题
最新问题