mysqli查询db预计正好有2个参数,给定1个

时间:2018-01-11 02:31:24

标签: javascript php mysql mysqli

我的登录html有1个问题。我正在制作一个寄存器html&登录html。注册html上的用户名和密码很好,但是在我登录html后遇到问题。我正在使用XAMPP Apache& MySQL的。

本地主机/ TODO / login.html的。

我的错误如下:



Warning: mysqli_query() expects at least 2 parameters, 1 given in C:\xampp\htdocs\todo\db.php on line 11




我的db.php文件:



<?php
    include 'db_connection.php';
    
    function createUser($username, $password){
        $SQL = "INSERT INTO users (username, passwordHash) VALUES ('" . $username . "','" . $password . "')";
        $result = mysqli_query($SQL);        
    }
    
    function isUserValid($username,$password){
        $SQL = "SELECT * FROM users WHERE username = '". $username . "' AND passwordHash = '" . $password . "'";
        $result = mysqli_query($SQL);
        if ($result == false)
        {
            die(mysqli_connect_error());
        }
        
        $count=mysqli_num_rows($result);
        if($count == 1){
            setcookie('login',$username);
            setcookie('islogged',true);
            $dsatz = mysqli_fetch_assoc($result);
            setcookie('my_id', $dsatz['id']);
            header("location:list.php");
        } else {
            unset($_COOKIE['login']);
            setcookie('login', false);
            setcookie('islogged',false);
            setcookie('id',false);
            echo "Wrong Username or Password, try again!";
        }
        
    }
    
    function getTodoItems($user_id){
        $SQL = "SELECT * FROM todos WHERE user_id = ". $user_id . "";
        $result = mysqli_query($SQL);
        echo "<form action='#' method = 'POST'>";
        while($dsatz = mysqli_fetch_assoc($result))
        {
            echo "<div class='input-group'><span class='input-group-addon'><input type='checkbox' name='check_list[]' value='". $dsatz["id"] ."'></span><input name='item". $dsatz["id"] ."' type='text' class='form-control' value='" . $dsatz["todo_item"] . "'></div>";
            echo "</br>";
        }
        echo "<input name='delete' class='btn btn-default btn-block' type='submit' value='Delete selected'/>";
        echo "<input name='update' class='btn btn-default btn-block' type='submit' value='Update selected'/>";
        echo "</form>";
    }

    function addTodoItem($user_id, $todo_text){
        $SQL = "INSERT INTO todos(user_id, todo_item) VALUES (".$user_id.",'".$todo_text."')";
        $result = mysqli_query($SQL);        
    }


    function deleteTodoItem($user_id, $todo_id){
        $SQL = "DELETE FROM todos WHERE id = ".$todo_id." AND user_id = ".$user_id."";
        $result = mysqli_query($SQL);
    }

    function updateTodoItem($todo_text, $todo_id){
            $SQL = "UPDATE todos SET todo_item = '".$todo_text."' WHERE id = ".$todo_id;
            $result = mysqli_query($SQL);
    }

#var_dump(password_hash("123",PASSWORD_DEFAULT));
?>
&#13;
&#13;
&#13;

我的db_connect.php文件:

&#13;
&#13;
<?php
	define("host", "127.0.0.1:3307");
	define("dbuser","root");
	define("dbpass", "");
	define("db", "phplogin");
	
	$conn = mysqli_connect("host", "dbuser", "dbpass");
	if(!$conn){ //!$conn means if NO Connection, what will we do 
		die("Could not connect !<br/> Please contact the site \'s administrator.");
	}
	$database = mysqli_select_db($conn, db);
	if(!$database){
		die("Could not connect to database !<br/> Please contact the site \'s administrator.");
	}
?>
&#13;
&#13;
&#13;

我的db_connection.php文件:

&#13;
&#13;
<?php
    $conn = mysqli_connect("127.0.0.1:3307","root","");
    mysqli_select_db($conn,"phplogin");
	
?>
&#13;
&#13;
&#13;

1 个答案:

答案 0 :(得分:0)

老实说,我认为这就是你必须要做的......但与此同时,我觉得它没有意义......你为每个功能打开了一个连接...首先它不是安全的IMO,但它是唯一有意义的事情

<?php
    function createUser($username, $password) {
        $conn = mysqli_connect('localhost', 'username', 'password', 'myDB');
        $SQL = "INSERT INTO users (username, passwordHash) VALUES ('$username', '$password')";
        $result = mysqli_query($conn, $SQL);
        mysqli_close($conn);
    }

    function isUserValid($username,$password) {
        $conn = mysqli_connect('localhost', 'username', 'password', 'myDB');
        $SQL = "SELECT * FROM users WHERE username = '$username' AND passwordHash = '$password'";
        $result = mysqli_query($conn, $SQL);
        if ($result == false) {
            die(mysqli_connect_error());
        }

        $count = mysqli_num_rows($result);
        if ($count == 1){
            setcookie('login', $username);
            setcookie('islogged', true);
            $dsatz = mysqli_fetch_assoc($result);
            setcookie('my_id', $dsatz['id']);
            header("location:list.php");
        } else {
            unset($_COOKIE['login']);
            setcookie('login', false);
            setcookie('islogged', false);
            setcookie('id', false);
            echo "Wrong Username or Password, try again!";
        }
        mysqli_close($conn);
    }

    function getTodoItems($user_id) {
        $conn = mysqli_connect('localhost', 'username', 'password', 'myDB');
        $SQL = "SELECT * FROM todos WHERE user_id = '$user_id'";
        $result = mysqli_query($conn, $SQL);
        echo "<form action='#' method = 'POST'>";
        while($dsatz = mysqli_fetch_assoc($result)) {
            echo "<div class='input-group'><span class='input-group-addon'><input type='checkbox' name='check_list[]' value='". $dsatz["id"] ."'></span><input name='item". $dsatz["id"] ."' type='text' class='form-control' value='" . $dsatz["todo_item"] . "'></div>";
            echo "</br>";
        }
        echo "<input name='delete' class='btn btn-default btn-block' type='submit' value='Delete selected'/>";
        echo "<input name='update' class='btn btn-default btn-block' type='submit' value='Update selected'/>";
        echo "</form>";
        mysqli_close($conn);
    }

    function addTodoItem($user_id, $todo_text) {
        $conn = mysqli_connect('localhost', 'username', 'password', 'myDB');
        $SQL = "INSERT INTO todos (user_id, todo_item) VALUES ('$user_id', '$todo_text')";
        $result = mysqli_query($conn, $SQL);
        mysqli_close($conn);
    }


    function deleteTodoItem($user_id, $todo_id){
        $conn = mysqli_connect('localhost', 'username', 'password', 'myDB');
        $SQL = "DELETE FROM todos WHERE id = '$todo_id' AND user_id = '$user_id'";
        $result = mysqli_query($conn, $SQL);
        mysqli_close($conn);
    }

    function updateTodoItem($todo_text, $todo_id) {
        $conn = mysqli_connect('localhost', 'username', 'password', 'myDB');
        $SQL = "UPDATE todos SET todo_item = '$todo_text' WHERE id = '$todo_id'";
        $result = mysqli_query($conn, $SQL);
        mysqli_close($conn);
    }

    #var_dump(password_hash("123",PASSWORD_DEFAULT));
?>