Hey,
I need help with my code because I always get this warning:

Warning: mysql_real_escape_string() expects parameter 1 to be string, resource given in C:\wamp\www\Ali elsharif\combination\login.php on line 17

Warning: mysql_real_escape_string() expects parameter 1 to be string, resource given in C:\wamp\www\Ali elsharif\combination\login.php on line 18

Here is my code:

<?php
require_once('easyaccess.php');

// Start the session
session_start();

// Clear the error message
$error_msg = "";

// If the user isn't logged in, try to log them in
if (!isset($_SESSION['id'])) {
if (isset($_POST['submit'])) {
// Connect to the database
$dbc = mysql_connect(HOST, USER, PASSWORD, DB);

  // Grab the user login data
  $user_username = mysql_real_escape_string($dbc, trim($_POST['user_id']));
  $user_password = mysql_real_escape_string($dbc, trim($_POST['password']));

    if(!empty($user_username) && !empty($user_password)) {
    // Look up the username and password in the database
     $query = "Select id,user_id FROM users WHERE user_id ={$_POST['user_username']} AND password ={$_POST['user_password']}";
     $data  = mysql_query($dbc, $query);

    if (mysql_num_rows($data) == 1) {
      // The login is okay
      $row = mysql_fetch_array($data);
      $_SESSION['id'] = $row['id'];
      $_SESSION['user_id'] = $row['user_id'];
      setcookie('id', $row['id'], time() + (60 * 60 * 24 * 30));    // expires in 30 days
      setcookie('user_id', $row['user_id'], time() + (60 * 60 * 24 * 30));  // expires in 30 days
      $home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.html';
      header('Location: ' . $home_url);
    }
    else {
      // The username/password are not correct
      $error_msg = 'Sorry, you must enter a valid username and password to login.';
    }
  }
  else {
    // The username/password weren't entered so set an error message
    $error_msg = 'Sorry, you must enter your username and password to log in.';
  }
}

}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
<meta name="description" content="" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Drugs World - Login</title>
<link href="style.css" rel="stylesheet" type="text/css" media="screen" />
</head>
<body>
<div id="wrapper">
<div id="header-wrapper">
<div id="header">
<div id="logo">
<h1>Drugs-World</h1>
<p>All drugs types, benefits-unbenefits and detials.</p>
</div>
<div id="menu">
<ul>
<li class="current_page_item"><a href="index.html">Home</a></li>
<li><a href="login.php">Login</a></li>
<li><a href="signup.php">Sign up</a></li>
<li><a href="edit.php">Edit</a></li>
<li><a href="logout.php">Logout</a></li></ul>
</div>
</div>
</div>
<!-- end #header -->
<div id="page">
<div id="page-bgtop">
<div id="page-bgbtm">
<div id="content">
<div class="post">
<?php
// If the session is empty, show error message and the log-in form.
if (empty($_SESSION['user_id'])) {
echo '<p class="error">' . $error_msg . '</p>';
?>
<h2 class="title"><a href="#">Login in Entry:</a></h2>
<div class="entry">
<p><b>Enter your username and password:</b></p>

<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<fieldset>
<legend>Log In</legend>
<label for="username">Username:</label>
<input type="text" name="user_id" value="<?php if (!empty($user_username) && isset($submit)) { echo $user_username; } ?>" /><br />
<label for="password">Password:</label>
<input type="password" name="password" />
</fieldset>
<input type="submit" value="Log In" name="submit" />
</form>

<?php
}
else {
// Confirm the successful log-in
echo('<p>Hello, You are already logged in as [ ' . $_SESSION['user_id'] . ' ] ! .</p>');
}
?>
</div>
<div class="byline">
<p class="links">&nbsp;</p>
</div>
</div>
</div>
<!-- end #content -->
<div id="sidebar">
<ul>
<li>
<div id="search" >
<form method="get" action="#">
<div>
<input type="text" name="s" id="search-text" value="" />
<input type="submit" id="search-submit" value="GO" />
</div>
</form>
</div>
<div style="clear: both;">&nbsp;</div>
</li>
<li>
<h2>Today quote</h2>
<p>A paranoid is someone who knows a little of what's going on.</p>
<p>~ William S. Burroughs</p>
</li>
<li>
<h2>Categories</h2>
<ul>
<li><a href="#">Advices</a></li>
<li><a href="#">Videos</a></li>
</ul>
</li>
<li>
<h2>Top Drugs Types</h2>
<ul>
<li><a href="heroin.php">Heroin</a></li>
<li><a href="Cocaine.php">Cocaine</a></li>
<li><a href="CrackCocaine.php">CrackCocaine</a></li>
<li><a href="Ecstasy.php">Ecstasy</a></li>
<li><a href="Marijuana.php">Marijuana</a></li>
<li><a href="Methamphetamine.php">Methamphetamine</a></li>
<li><a href="Opium.php">Opium</a></li>
<li><a href="LSD.php">LSD</a></li>
<li><a href="PsilocybinMushrooms.php">Psilocybin Mushrooms</a></li>
<li><a href="PCP.php">PCP</a></li>
</ul>
</li>
<li>
<h2>Follow Us</h2>
<ul>
<li><a href="#">Facebook</a></li>
<li><a href="#">Twitter</a></li>
<li><a href="#">Linked In</a></li>
<li><a href="#">Google+</a></li>
<li><a href="#">Youtube</a></li>
</ul>
</li>
</ul>
</div>
<!-- end #sidebar -->
<div style="clear: both;">&nbsp;</div>
</div>
</div>
</div>
<!-- end #page -->
<div id="footer">
<p>Copyright (c) 2008 html-leets.com. All rights reserved. Design by group.</p>
</div>
</div>
<!-- end #footer -->
</body>
</html>

    The error message says what the problem is. Now that you've gone backwards and replaced mysqli_real_escape_string with mysql_real_escape_string you'll need to put the string first and the connection resource second.

      Still learning myself, but I noticed that you are using deprecated statements etc. I am still building my solution to prevent SQL injections, and as far as I can make out PDO is one of the best options.
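
The PDO approach mentioned in the last reply, sketched as an added example that is not code from the thread or its posters: the login lookup from the question done with a bound parameter, so the submitted username is never spliced into the SQL text. The `find_login` helper, the in-memory SQLite database (requires `pdo_sqlite`; a MySQL setup would use a `mysql:` DSN instead), the sample account and the hashed `password` column are all assumptions made for the demonstration.

```php
<?php
// Constructed stand-in for the thread's `users` table, kept in memory so the
// example runs offline (assumes the pdo_sqlite extension is enabled).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user_id TEXT UNIQUE, password TEXT)');

// Constructed sample account. Assumption: the password column stores a
// password_hash() value rather than the plain-text password.
$insert = $pdo->prepare('INSERT INTO users (user_id, password) VALUES (:user_id, :hash)');
$insert->execute([
    ':user_id' => 'alice',
    ':hash'    => password_hash('correct horse', PASSWORD_DEFAULT),
]);

/**
 * Hypothetical helper: returns ['id' => ..., 'user_id' => ...] on a valid
 * login, or null when the user is unknown or the password does not match.
 */
function find_login(PDO $pdo, string $userId, string $password): ?array
{
    // The placeholder keeps the SQL text fixed; the value travels separately,
    // so quotes in $userId cannot change the structure of the query.
    $stmt = $pdo->prepare('SELECT id, user_id, password FROM users WHERE user_id = :user_id');
    $stmt->execute([':user_id' => $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Same outcome for "no such user" and "wrong password".
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }

    unset($row['password']); // never hand the hash back to the caller
    return $row;
}

// Valid credentials: the row for alice comes back.
var_dump(find_login($pdo, 'alice', 'correct horse'));

// Wrong password: null.
var_dump(find_login($pdo, 'alice', 'wrong'));

// Constructed input containing quote characters: it is compared as a literal
// user_id, matches no row, and the result is null.
var_dump(find_login($pdo, "alice' OR '1'='1", 'anything'));
```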
