How to remove these errors in my system? Warning: mysqli_query() expects at least 2 parameters, 1 given in C:\xampp\htdocs\cman\admin\login_admin.php on line 29 Warning: mysqli_num_rows() expects par


	<form id="login_form1" class="form-signin" method="post">
				<h3 class="form-signin-heading">
					<i class="icon-lock"></i> Administrator Login
				<input type="text"      class="input-block-level"   id="username" name="username" placeholder="Username" required>
				<input type="password"  class="input-block-level"   id="password" name="password" placeholder="Password" required>
				<button data-placement="right" title="Click Here to Sign In" id="signin" name="login" class="btn btn-info" type="submit"><i class="icon-signin icon-large"></i> Sign in</button>
				<script type="text/javascript">
	<div class="error">

if (isset($_POST['login'])){


$login_query=mysqli_query("select * from admin where username='$username' and password='$password'");

if ($count > 0){


Open in new window

Anita CoertezAsked:
Who is Participating?
@rgranlund - Assuming that dbconn.php establishes a database link object, like this:

$somelink = mysqli_connect("localhost","user","password");

Open in new window

...then in this code, she would need to pass $somelink as the first parameter:
$results = mysqli_query($somelink, "query here");

Open in new window

One big reason for all this can be summed up in one question - if you have a PHP script that connects to 2 different database servers, then which server gets the query?

Prior to mysqli, the mysql function would just send the query to the most recent database connection unless you explicitly specified the connection otherwise.

So back in the olden days of "mysql_" functions:
$dbLinkA = mysql_connect("serverA", "user", "pass");
$dbLinkB = mysql_connect("serverB", "user", "pass");

mysql_query("SELECT * FROM sometable"); // <-- This would query server B, since it was the last link opened.

// To query server A, you would need to do this:
mysql_query("SELECT * FROM sometable", $dbLinkA); 

Open in new window

Most people didn't specify the link since they only used one database. This usually led to configuration problems, but it could even be a potential security problem. Let's say a hacker was able to inject code that established a database connection to his own server.

$dbLinkA = mysql_connect("serverA", "user", "pass");

// Uh-oh, one line of malicious code that was inserted somehow
$dbLinkB = mysql_connect("hackersServer", "user", "pass");

// Now the normal program resumes and maybe it performs a login query like this:
$results = mysql_query("SELECT ID from users WHERE username='admin' and password='abc123'"); // <-- This is queried against the hacker's database

Open in new window

Even though the REAL server didn't have an admin user record with that password, the hacker's did, and he returned a valid ID, which the login system interpreted as a valid number, so it sets up the session and suddenly the hacker is now logged into the real admin's account.

So with MySQLi, PHP took away all the ambiguity and guessing and just forced people to pass around the database link object, so there's no guessing as to which database server should receive the query.
$dbLinkA = mysqli_connect("serverA", "user", "pass");
$dbLinkB = mysqli_connect("serverB", "user", "pass");

mysqli_query($dbLinkA, "SELECT * FROM sometable"); // <-- This queries serverA
mysqli_query($dbLinkB, "SELECT * FROM sometable"); // <-- This queries serverB

Open in new window

Can you post a URL or place your code between the code brackets?
I've addressed this specific problem in your previous question, Anita. It's just that you need to pass the database link as the first parameter to your mysqli_query call.

Please make sure you follow all of my suggestions in that other post, since they apply here, too (SQL injection, session_start() location, exiting after header("Location:..."), etc...)
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

@gr8gonzo so the info dbconn.php needs to be included in the query?
mohan singhWeb developerCommented:
In simple word you are missing connection string
$conn = mysql_connect('databasName','userName',password');

// And your query should be like this

$sql = mysqli_query($conn, "SELECT * FROM yourTable");
//OR also you can use

$sql = "SELECT * FROM yourTable";
$result = mysqli_query($conn);

Open in new window

Thank You

Mohan Singh
@mohan - Please read previous comments before suggesting to make sure you're not suggesting the same thing, and also try your code before suggesting it, unless you are absolutely certain it works. As it stands, you are not adding anything new and none of your code works:

1. You use mysql_connect() instead of mysqli_connect(), so not only will $conn be the wrong type for mysqli_query, but you're suggesting a deprecated mysql_ function.

2. Your "OR also you can use" simply will not work at all because you're not passing the query as a parameter, so mysqli_query($conn) will not know what query to execute.

3. The term "connection string" does not apply to this situation. The mysqli extension does not use connection strings. Connection strings are used in generic connectors, like ODBC.
mohan singhWeb developerCommented:
OK I Understand
Thank You
mohan singhWeb developerCommented:
All member give same answer but gr8gonzo give first
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.