
help with switch between user input box and ?id=

I am having problems with this statement. I bid on keywords and the keyword link is, e.g.,

 http://real-estate-proforma.com/search-members-by-city.php?city=chicago

I get the error,

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /home/content/M/a/n/Manzanillo8/html/search-members-by-city.php on line 6
get:chicago
post:
sql:SELECT DATE_FORMAT(profile_update, '%b %e %Y at %r') aS fmt_profile_update, ID, username, profile_update, city, state, profession FROM profile where city='' ORDER BY profile_update DESC

Once someone searches for a city name, and they want to search another city, I want them to be able to type in the city name and search another city.

Thanks so much for your help and patience.


Here is the script

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /home/content/M/a/n/Manzanillo8/html/search-members-by-city.php on line 5
get:
post:chicago
sql:SELECT DATE_FORMAT(profile_update, '%b %e %Y at %r') aS fmt_profile_update, ID, username, profile_update, city, state, profession FROM profile where city='' ORDER BY profile_update DESC



<?php
$mysqli = mysqli_connect("");
$username = $_COOKIE["username"];
$city_menu_choice='';
$city_menu_choice = isset($_POST['city_choice'])? mysqli_real_escape_string($_POST['city_choice']): '';
$city_menu_choice = isset($_GET['city'])? mysqli_real_escape_string($_GET['city']): '';


$get_profiles_sql = "SELECT DATE_FORMAT(profile_update,  '%b %e %Y at %r') aS fmt_profile_update, ID, username, profile_update, city, state, profession FROM profile where city='$city_menu_choice' ORDER BY profile_update DESC";
$get_profiles_res = mysqli_query($mysqli, $get_profiles_sql) or die(mysqli_error($mysqli)."in\n$get_profiles_sql");
 


echo "get:".$_GET['city']."<br />\n";
echo "post:".$_POST['city_choice']."<br />\n";
echo "sql:".$get_profiles_sql."<br />\n";

 
if (mysqli_num_rows($get_profiles_res) < 1) {
      //there are no topics, so say so
      $display_block = "<p><strong><em>There are no member profiles for ".$city_menu_choice." at this time.</em></strong></p>";
} else {
      //create the display string
      $display_block = "
      <table cellpadding=\"10\" cellspacing=\"1\" border=\"0\" border-color=\"121212\">
      <tr>
      <th>User Name</th>
      <th>Location</th>
      <th>Profession</th>
      <th>View Profile</th>
      </tr>";

      while ($user_info = mysqli_fetch_array($get_profiles_res)) {
           
            $state = stripslashes($user_info['state']);
            $city_member = stripslashes($user_info['city']);
              $username = stripslashes($user_info['username']);
            $profession = stripslashes($user_info['profession']);
            $ID = stripslashes($user_info['ID']);
            $profile_update = stripslashes($user_info['profile_update']);

            //add to display
            $display_block .= "
            <tr>
            <td align=center>".$username."</td>
            <td align=center>".$city_member.",&nbsp;".$state."</td>
            <td align=center>".$profession."</td>
            <td><a href=\"show_members_profile.php?ID=".$ID."\">go to profile</a></td>
            </tr>";
            }
      //free results
      mysqli_free_result($get_profiles_res);
      //close connection to mysqli
      mysqli_close($mysqli);

      //close up the table
      $display_block .= "</table>";
}
?>
 <table width="250">

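      <form method='post' action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" >
      <tr>
      <td><strong>City:</strong></td>
    <td>
      <input type="text" name="city_choice" size="20" value="<?php echo htmlspecialchars(isset($_POST['city_choice']) ? $_POST['city_choice'] : '', ENT_QUOTES, 'UTF-8'); ?>" >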
      </td>
      <td>
      <input type="submit" name="submit" id="submit"/>
      </td>
      </tr>
      </form>
      </table>
0
Asked by: derekstattin
1 Solution
 
BrianGEFF719 Commented:
The correct usage is:
 string mysqli_real_escape_string ( mysqli $link , string $escapestr )

You should do:
 $city_menu_choice = isset($_GET['city'])? mysqli_real_escape_string($mysqli, $_GET['city']): '';
0
 
derekstattin (Author) Commented:
Is it better to use your solution or this one?

$city_menu_choice='';
if (isset($_GET['city']))
  $city_menu_choice=$_GET['city'];
if (isset($_POST['city_choice']))
  $city_menu_choice=$_POST['city_choice'];
0
 
BrianGEFF719 Commented:
I prefer to expand it out since it's easier to follow, however:

 c = (a == b) ? d : e;

is equivalent to:

 if(a == b)
  c = d;
 else
  c = e;

So it's entirely up to you. If you're new to programming in PHP, I would definitely recommend writing out your if statements.

I would also do it like this:

$city_menu_choice = null;
if (isset($_GET['city']))
{
  $city_menu_choice=$_GET['city'];
}
else if (isset($_POST['city_choice']))
{
  $city_menu_choice=$_POST['city_choice'];
}


if($city_menu_choice != null)
{
  //...do stuff
}
0
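
As an added example (not part of the original thread and not either poster's code): the same GET-or-POST city lookup written with a bound parameter instead of mysqli_real_escape_string(), with HTML-escaping applied on output. The function names pick_city, find_profiles_by_city and h are hypothetical; the profile table and its columns are taken from the query in the question.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical;
// the profile table and its columns come from the query in the question.

// Choose the search term. The typed form value wins over the link's ?city=
// (swap the two entries for GET-first). Non-string values such as ?city[]=x
// are ignored rather than passed on to the database layer.
function pick_city(array $get, array $post): string
{
    foreach ([$post['city_choice'] ?? null, $get['city'] ?? null] as $value) {
        if (is_string($value) && trim($value) !== '') {
            return trim($value);
        }
    }
    return '';
}

// The city travels as a bound parameter, so the SQL text never contains user input.
function find_profiles_by_city(mysqli $mysqli, string $city): array
{
    $stmt = mysqli_prepare($mysqli,
        "SELECT ID, username, city, state, profession
           FROM profile WHERE city = ? ORDER BY profile_update DESC");
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . mysqli_error($mysqli));
    }
    mysqli_stmt_bind_param($stmt, 's', $city);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $id, $username, $rowCity, $state, $profession);
    $rows = [];
    while (mysqli_stmt_fetch($stmt)) {
        $rows[] = ['ID' => $id, 'username' => $username, 'city' => $rowCity,
                   'state' => $state, 'profession' => $profession];
    }
    mysqli_stmt_close($stmt);
    return $rows;
}

// Escape for HTML text and attribute contexts before echoing request or row data.
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Constructed requests (no database needed): link only, form only, both, array value.
foreach ([[['city' => 'chicago'], []], [[], ['city_choice' => ' denver ']],
          [['city' => 'chicago'], ['city_choice' => 'miami']], [['city' => ['x']], []]] as [$get, $post]) {
    echo h(pick_city($get, $post)), "\n";
}
```

With the script's open connection, the lookup becomes find_profiles_by_city($mysqli, pick_city($_GET, $_POST)), and each field is passed through h() when the table rows are built.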
