Warning: Wrong parameter count for mysql_query()

Hi Designer_101,

This warning occurs when there is no connection to your mysql database setup properly. The actual call to mysql_query contains a second parameter which points to the mysql connection, and although this is an optional parameter, it causes problems if not included in the call explicitly if the connection to the database does not exist. You haven't supplied your connection call (to mysql_connect() ), so I think it must be done somewhere else in your code. Can you double check how you are connecting to the database?

Hi

I seem to be getting this error on the reply section of my forum. I've never had this problem before and have tried google but found nothing. So, now i turn to daniweb, surly someone must be able to help me here.

This is the error:
Warning: Wrong parameter count for mysql_query() in C:\wamp\www\Rhinos 2\2nd\reply.php on line 79

The code on like 79 is :
mysql_query($insertpost) or die(mysql_query());

And this is my full code:

<?php

print "<table class='maintables'>";

print "<tr class='headline'><td>Reply</td></tr>";

print "<tr class='maintables'><td>";

if(isset($_POST['submit']))

{
   $yourpost=$_POST['yourpost'];
   $id=$_POST['id'];

if(strlen($yourpost)<1)
{

print "You did not type in a post."; //no post entered

}
else
{

$thedate=date("U"); //get unix timestamp

$displaytime=date("F j, Y, g:i a");

//we now strip HTML injections
$name = @strip_tags($name);

$yourpost=strip_tags($yourpost); 

$name = $_SESSION['name'];
$insertpost="INSERT INTO forum(author,post,showtime,realtime,lastposter,parentid) values('$name','$yourpost','$displaytime','$thedate','$name','$id')";

mysql_query($insertpost) or die(mysql_query()); //insert post

$updatepost="Update forum set numreplies=numreplies+'1', lastposter='$name',showtime='$displaytime', lastrepliedto='$thedate' where postid='$id'";

mysql_query($updatepost) or die("Could not update post");
print "Message posted, go back to <A href='message.php?id=$id'>Message</a>.";

}
}
else
{
   $id=$_GET['id'];
   print "<form action='reply.php' method='post'>";
   print "<input type='hidden' name='id' value='$id'>";
   print "Your message:<br><br>";
   print "<textarea name='yourpost' rows='5' cols='40'></textarea><br><br>";
   print "<input type='submit' name='submit' value='Post Reply'></form>";
}
print "</td></tr></table>";
?>

end quote.

You are a member of Daniweb since July 2007 and you still don't use code tags. Think before you submit a post. Read the guidelines again if you have forgotten them.

1. the database is not connected
2. no validation of input
3. other input fields can be left blank
   on first load this

   $id=$_GET['id'];
   print "<form action='reply.php' method='post'>";
   print "<input type='hidden' name='id' value='$id'>";

   does nothing

there are 6 fields, and as few as 3 in $_post and calculated data

wont mention using two text strings for timestamping, how slow and unneccessary 35 characters string instead of 10 digit number now() formatted on output with php native time() functions

hi

Thanks for all the help.

This is my connection script:

<?php
	$settings = array(
	'server' => 'localhost',
	'username' => 'root',
	'password' => '*****',
	'database'  => 'rita_rhinos',
	'sitename'  => 'Psychedelic Rhinos',
	'url' => 'www.psychedelic-rhinos.co.uk'
	);

@mysql_connect($settings['server'], $settings['username'], $settings['password']) or die("Database Error");
	@mysql_select_db($settings[database]) or die("Database Error");

?>

I tested to see if it was working by adding

echo "connected";

to the bottom of the code.
And it worked

HOWEVER

I only just noticed that im only getting this error when quotes have been typed into the reply form.

A normal sentence will input perfectly into the database with no error however something like " it's " makes the error appear.

Any ideas ?

Use mysql_real_escape_string

Ok

Thanks for all your help, it works fine now. However, I read through the manual and loads of people said it was important to do other things aswell.

For example, I should take out
slahes (/)
single quotes ('')
double qoutes ("")
and also something i cant remember the name of (``)

Could someone suggest a reliable efficient wayof doing all this.

mysql_real_escape_string does all the above. What exactly it does is, it will escape all the single quotes as well as slashes. :)

In these circumstances mysql_real_escape_string sounds really good.
But say for a forum would it not be better to use

addslashes(htmlspecialchars($variable))
AND THEN ON RETREIVE
stripslashes($variable)

That way the user

<?php
$con = mysql_connect("localhost","root");
mysql_select_db("test");
$string = "'this is an example with \ \ .... And It\'s working!";
echo mysql_real_escape_string($string);
?>

Try this example and see yourself :) While using mysql_real_escape_string, you don't have to strip the slashes. But yeah, If you want, you can convert the value using htmlspecialchars or htmlentities. This will convert >, <, etc to &gt; &lt; etc...