How to remove these errors in my system? Warning: mysqli_query() expects at least 2 parameters, 1 given in C:\xampp\htdocs\cman\admin\login_admin.php on line 29 Warning: mysqli_num_rows() expects par

login_admin.php

<?php
include('dbconn.php');
?>
	
	<form id="login_form1" class="form-signin" method="post">
				<h3 class="form-signin-heading">
					<i class="icon-lock"></i> Administrator Login
				</h3>
				<input type="text"      class="input-block-level"   id="username" name="username" placeholder="Username" required>
				<input type="password"  class="input-block-level"   id="password" name="password" placeholder="Password" required>
				
				<button data-placement="right" title="Click Here to Sign In" id="signin" name="login" class="btn btn-info" type="submit"><i class="icon-signin icon-large"></i> Sign in</button>
				<script type="text/javascript">
				$(document).ready(function(){
				$('#signin').tooltip('show');
				$('#signin').tooltip('hide');
				});
				</script>		
			</form>
	</br>
	<div class="error">
	<?php

if (isset($_POST['login'])){

$username=$_POST['username'];
$password=$_POST['password'];

$login_query=mysqli_query("select * from admin where username='$username' and password='$password'");
$count=mysqli_num_rows($login_query);
$row=mysqli_fetch_array($login_query);


if ($count > 0){
session_start();
$_SESSION['id']=$row['admin_id'];
header('location:dashboard.php');
}else{
	header('location:index.php');
}
}
?>
   


</div>

Open in new window

Anita CoertezAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rgranlundCommented:
Can you post a URL or place your code between the code brackets?
0
gr8gonzoConsultantCommented:
I've addressed this specific problem in your previous question, Anita. It's just that you need to pass the database link as the first parameter to your mysqli_query call.

Please make sure you follow all of my suggestions in that other post, since they apply here, too (SQL injection, session_start() location, exiting after header("Location:..."), etc...)
0
rgranlundCommented:
@gr8gonzo so the info dbconn.php needs to be included in the query?
0
Become a Certified Penetration Testing Engineer

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

gr8gonzoConsultantCommented:
@rgranlund - Assuming that dbconn.php establishes a database link object, like this:

dbconn.php
<?php
$somelink = mysqli_connect("localhost","user","password");
....etc...

Open in new window


...then in this code, she would need to pass $somelink as the first parameter:
$results = mysqli_query($somelink, "query here");

Open in new window


One big reason for all this can be summed up in one question - if you have a PHP script that connects to 2 different database servers, then which server gets the query?

Prior to mysqli, the mysql function would just send the query to the most recent database connection unless you explicitly specified the connection otherwise.

So back in the olden days of "mysql_" functions:
$dbLinkA = mysql_connect("serverA", "user", "pass");
$dbLinkB = mysql_connect("serverB", "user", "pass");

mysql_query("SELECT * FROM sometable"); // <-- This would query server B, since it was the last link opened.

// To query server A, you would need to do this:
mysql_query("SELECT * FROM sometable", $dbLinkA); 

Open in new window


Most people didn't specify the link since they only used one database. This usually led to configuration problems, but it could even be a potential security problem. Let's say a hacker was able to inject code that established a database connection to his own server.

$dbLinkA = mysql_connect("serverA", "user", "pass");

// Uh-oh, one line of malicious code that was inserted somehow
$dbLinkB = mysql_connect("hackersServer", "user", "pass");

// Now the normal program resumes and maybe it performs a login query like this:
$results = mysql_query("SELECT ID from users WHERE username='admin' and password='abc123'"); // <-- This is queried against the hacker's database

Open in new window


Even though the REAL server didn't have an admin user record with that password, the hacker's did, and he returned a valid ID, which the login system interpreted as a valid number, so it sets up the session and suddenly the hacker is now logged into the real admin's account.

So with MySQLi, PHP took away all the ambiguity and guessing and just forced people to pass around the database link object, so there's no guessing as to which database server should receive the query.
$dbLinkA = mysqli_connect("serverA", "user", "pass");
$dbLinkB = mysqli_connect("serverB", "user", "pass");

mysqli_query($dbLinkA, "SELECT * FROM sometable"); // <-- This queries serverA
mysqli_query($dbLinkB, "SELECT * FROM sometable"); // <-- This queries serverB

Open in new window

1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mohan singhWeb developerCommented:
In simple word you are missing connection string
example:
$conn = mysql_connect('databasName','userName',password');

// And your query should be like this

$sql = mysqli_query($conn, "SELECT * FROM yourTable");
//OR also you can use

$sql = "SELECT * FROM yourTable";
$result = mysqli_query($conn);

Open in new window

Thank You

Regards
Mohan Singh
0
gr8gonzoConsultantCommented:
@mohan - Please read previous comments before suggesting to make sure you're not suggesting the same thing, and also try your code before suggesting it, unless you are absolutely certain it works. As it stands, you are not adding anything new and none of your code works:

1. You use mysql_connect() instead of mysqli_connect(), so not only will $conn be the wrong type for mysqli_query, but you're suggesting a deprecated mysql_ function.

2. Your "OR also you can use" simply will not work at all because you're not passing the query as a parameter, so mysqli_query($conn) will not know what query to execute.

3. The term "connection string" does not apply to this situation. The mysqli extension does not use connection strings. Connection strings are used in generic connectors, like ODBC.
0
mohan singhWeb developerCommented:
OK I Understand
Thank You
0
mohan singhWeb developerCommented:
All member give same answer but gr8gonzo give first
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.