警告：mysqli_real_escape_string（）預計2個參數

Question

我得到在我的PHP腳本一些錯誤，因爲我想改變一些「MySQL的」功能「msquli」

1-警告：mysqli_real_escape_string（）期望的是2參數，1 C中給出：\瓦帕\ WWW \ XXX \ YYY \ login.php中在線路34上

這裏是的 「的login.php」

<?php 
ob_start(); 
session_start(); 
if (isset($_SESSION["puadmin"])) { 
header("location: index.php"); 
exit(); 
} 
?> 
<?php 
$success=""; 
$username=""; 
$password=""; 
$error1=""; 
$error2=""; 
$ip1=""; 
//getting ip 
if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { 
    $ip1=$_SERVER['HTTP_X_FORWARDED_FOR']; 
    } 

if (isset($_POST['username'])){ 
$username = $_POST['username']; 
$password = $_POST['password']; 
//connect to the database here 
require("../config.php"); 
$username = mysqli_real_escape_string($username); 
$password = mysqli_real_escape_string($password); 
$query = "SELECT aid, password 
     FROM pu_admin 
     WHERE username = '$username';"; 
    $result = mysqli_query($query); 
if(mysqli_num_rows($result) < 1) //no such user exists 
    { 
// header('Location: login_form.php'); 

    $error1 = " <div class='ui-state-error'>No such user exist</div><br>"; 


} 

$userData = mysqli_fetch_array($result, MYSQL_ASSOC); 
$hash = md5($password); 
$aid = $userData['aid']; 
if($hash != $userData['password']) //incorrect password 
{ 
//header('Location: login.php'); 

$error2 = "<div class='ui-state-error'>Incorrect Password </div>"; 
}else{ 

session_regenerate_id(); //this is a security measure 
$_SESSION['valid'] = 1; 
$_SESSION['userid'] = $aid; 
    $_SESSION["puadmin"] = $username; 
    $_SESSION["pass"] = $pass1; 
    $success= "Login Successfull Redirecting Please wait"; 
    header('location:index.php'); 
    } 
    } 

?> 

<html> 
<head> 
<title>Login</title> 
<?php include_once('templates/stylesheets.php') ?> 

</head> 
<body style="backgrround-color:#e6e6e6 !important;"> 
    <div id="login_wrapper" style="margin-top:120px; margin-bottom:0px;    overflow:hidden;"> 
    <div class="well" style="text-align:center"> 
    <h1><img src="../pu-admin/images/logo-light.png"></h1> 
    </div> 
    <?php 
    echo $error1; 
    echo $error2; 
     echo $success; 
?> 

    <form class="form-signin" name="login" action="" method="post"> 
    <div class="table-container"> 
     <table class="table table-form"> 
     <tbody> 
      <tr> 
      <td> 
       <label>Username</label> 
      </td> 
      <td> 
       <input name="username" placeholder="Username" type="text"> 
      </td> 
      </tr> 
      <tr> 
      <td> 
       <label>Password</label> 
      </td> 
      <td> 
       <input placeholder="Password" name="password" type="password"> 
      </td> 
      </tr> 
     </tbody> 
     </table> 
    </div> 
    <div class="actions"> 
     <div class="button-well"> 
     <button class="button button-primary fastbutton" data-icon="K" >Login</button> 
     </div> 
    </div> 
    </form> 
</div> 

的代碼下面

<?php 
$dbhost = 'localhost'; /*Hostname*/ 
$dbname = 'file'; /*database name*/ 
$dbuser = 'file'; /*user name */ 
$dbpass = '1234'; /*database password, */ 

/*Base url without trailing slash for example http://www.example.com */ 
$baseUrl = 'localhost/file'; 


$conn = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname); 

?> 

給我一個小白儘可能DB查詢有關，但EM努力，我希望有人能幫助我走出

「config.php文件」的

2-碼

thanx提前

Answer 1

你要通過你的連接到mysqli的功能：

mysqli_real_escape_string($conn, $username);

mysqli_query($conn, $query);

看到mysqli_real_escape_string和mysqli_query