Warning: mysql_real_escape_string() expects parameter 1 to be string, object given

Ok, I've solved some of my issues, but now I am running into one that is counter to what I am use to seeing.

Now I was getting one before where it expected 2 to be there, now it's down to 1.

I am using one database, multiple tables, and I can't seem to understand why this is happening. Can anyone clarify for me?

Here is the page in question. Thanks.

BTW, to get this error, you need to press the submit button.

http://kaboomlabs.com/PDI/test2.php

<?php


require_once('connectvars.php');
        $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME)
        or die('Error connecting to MySQL server.');
$output_form = 'yes';




?>


<!DOCTYPE html 
     PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>PDI Non-Conforming Materials Report</title>
<link rel="stylesheet" type="text/css" href="CSS/postie.css" />


</head>


<body>
<div id="logo">
    <img src="images/PDI_Logo_2.1.gif" alt="PDI Logo" />
</div>


<div id="title">
    <h3 id="NCMR2">Non-Conforming Materials Report (NCMR)</h3>
</div>
<?php
//Post Data
 if (isset($_POST['submit'])) {
    $ab = mysqli_real_escape_string($dbc,$_POST['ab']);
    $date = mysqli_real_escape_string($dbc,date('Y-m-d',strtotime ($_POST['date'])));
    $part = mysqli_real_escape_string($dbc,$_POST['part']);
    $rev = mysqli_real_escape_string($dbc,$_POST['rev']);
    $partdesc = mysqli_real_escape_string($dbc,$_POST['partdesc']);
    $ncmrqty = mysqli_real_escape_string($dbc,$_POST['ncmrqty']);
    $comp = mysql_real_escape_string($dbc,$_POST['comp']);
    $ncmrid = mysql_real_escape_string($dbc,$_POST['ncmrid']);
    $rma = mysql_real_escape_string($dbc,$_POST['rma']);
    $jno = mysql_real_escape_string($dbc,$_POST['jno']);
    $fdt = mysql_real_escape_string($dbc,$_POST['fdt']);
    $cof = mysql_real_escape_string($dbc,$_POST['cof']);
    $fab1= mysql_real_escape_string($dbc,$_POST['fab1']);
    $fab2= mysql_real_escape_string($dbc,$_POST['fab2']);
    $fab3= mysql_real_escape_string($dbc,$_POST['fab3']);
    $non= mysql_real_escape_string($dbc,$_POST['non']);
    $dis= mysql_real_escape_string($dbc,$_POST['dis']);
    $comm= mysql_real_escape_string($dbc,$_POST['comm']);
    $caad= mysql_real_escape_string($dbc,$_POST['caad']);
    $po= mysql_real_escape_string($dbc,$_POST['po']);
    $pod = mysql_real_escape_string($dbc,date('Y-m-d',strtotime($_POST['pod'])));
    $dri = mysql_real_escape_string($dbc,date('Y-m-d',strtotime($_POST['dri'])));






    $output_form = 'no';
    
    if (empty($ab) || empty($date) || empty($part) || empty($partdesc)){


// We know at least one of the input fields is blank 
echo '<div id="alert">';
echo 'Please fill out all of the required NCMR information.<br />';
    echo '</div>';


}
    $output_form = 'yes';
    
}


//Access the Database
    if (!empty($ab) && !empty($date) && !empty($pod)) {
        $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME)
        or die('Error connecting to MySQL server.');
        
    $query = "INSERT INTO ncmr (ab, date, part, rev, partdesc, ncmrqty,)


    VALUES ('$ab', '$date', '$part', '$rev', '$partdesc', '$ncmrqty')";
    
    mysqli_query($dbc, $query)
        or die ('Data not inserted.');




      // Confirm success with the user
    echo '<tr><td class="thank">';
    echo '<p>Thank you for adding the NCRM, the correct person will be informed.</p>';
    echo '<p><a href="post.php">&lt;&lt; Back to the form</a></p>';
    echo '</td></tr>';


    mysqli_close($dbc);
}
  if ($output_form == 'yes') {
echo "<form action='".$_SERVER['PHP_SELF']."' method='post'>";
        echo '<fieldset>';
        //Part, Rev, Part Description, NCMR Qty
            echo '<div id="box1">';
                echo '<div id="ab"><span class="b">Added By:&nbsp;&nbsp;</span><input type="text" name="ab" value="" /></div>';
                echo '<div id="date"><span class="b">Date Filed:&nbsp;&nbsp;</span><input type="text" name="date" value="" /></div>';
                echo '<div id="part"><span class="b">Part Number:&nbsp;&nbsp;</span><input type="text" name="part" value="" /></div>';
                echo '<div id="rev"><span class="b">Part Revision:&nbsp;&nbsp;</span><input type="text" name="rev" value="" /></div>';
                echo '<div id="partdesc"><span class="b">Part Description:&nbsp;&nbsp;</span><textarea name="partdesc" rows="3" cols="22" ></textarea></div>';
                echo '<div id="ncmrqty"><span class="b">NCMR Qty:&nbsp;&nbsp;</span><input type="text" name="ncmrqty" value="" /></div>';
            echo '</div>';
                                echo '<div id="button"><input type="submit" value="Submit NCMR" name="submit" /></div>';
            echo '</div>';


//Company, Customer NCMR, Internal RMA, and Job Number
            echo '<div id="box2">';
                echo'<div id="comp">';
                    echo '<span class="b">Company:&nbsp;&nbsp;</span>';
                    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
                    $mysqli->select_db('comp');
                    $result = $mysqli->query("SELECT * FROM comp"); 
                    $i = 0;
                echo "<SELECT name='comp'>\n";
                    while($row = $result->fetch_assoc()) {
                    if ($i == 4) echo '<option value="lines">-----</option>';
                echo "<option value='{$row['user_id']}'>{$row['name']}</option>\n";
                    $i++;
                    }
                echo "</select>\n";
                echo '</div>';
                
                echo '<div id="ncmrid"><span class="b">Customer NCMR ID:&nbsp;&nbsp;</span><input type="text" name="ncmrid" value="" /></div>';
                echo '<div id="rma"><span class="b">Internal RMA #:&nbsp;&nbsp;</span><input type="text" name="rma" value="" /></div>';
                echo '<div id="jno"><span class="b">Job #:&nbsp;&nbsp;</span><input type="text" name="jno" value="" /></div>';
            echo '</div>';




//Type of Failure and Class of Failure
            echo '<div id="box3">';
                echo '<h2>Fabricators</h2>';
                echo '<div id="fdt">';
                    echo '<span class="b">Failure Due To:&nbsp;&nbsp;</span><br />';
                    echo '<select name="fdt">';
                    echo '<option value="none">----None----</option>';
                    echo '<option value="In House">In House</option>';
                    echo '<option value="Third Party">Third Party</option>';
                    echo '</select>';
                    echo '</div>';


                echo'<div id="cof">';
                    echo '<span class="b">Class of Failure:&nbsp;&nbsp;</span><br />';
                    echo '<select name="cof">';
                    echo '<option value="none">----None----</option>';
                    echo '<option value="Materials">Materials</option>';
                    echo '<option value="Fabrication">Fabrication</option>';
                    echo '<option value="Drawing">Drawing</option>';
                    echo '<option value="Assembly">Assembly</option>';
                    echo '<option value="Testing">Testing</option>';
                    echo '<option value="Electrical">Electrical</option>';
                    echo '<option value="Programming">Programming</option>';
                    echo '<option value="Machining">Machining</option>';
                    echo '<option value="Inspection">Inspection</option>';
                    echo '<option value="Purchasing">Purchasing</option>';
                    echo '<option value="Administrator">Administrator</option>';
                    echo '</select>';
                echo '</div>';
            echo '</div>';
    echo '</fieldset>';
echo '</form>';
    }
?>
</body>
</html>

Code (markup):

 

The first parameter of mysql_real_escape_string() must be the string, and the second (which is not required) - the DB connection.

 

I was told it was... this really is annoying me... it seems that everyone has an opinion of how things should work... and there is no set standard...

I originally had it just as the string then I was told it needed the database and then the string... now back to the string. Are there situations in where it would need to have the database, and then the string?

When I do what you tell me to do I now get this error:

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in kaboomlabs.com/PDI/test2.php on line 34

 

Solved it, half the issue was mixed coding between mysql and mysqli...

 

There is a standart. php.net tells you what is needed for any built in function to operate. Take a look at this site.
Edit: mysqli_real_escape_string() is made by your script, so I cannot tell you what does it need until you post its script here.

 

Ummm... did you even look at the original post, or my comments before you posted?

 

Yes.
I saw that you posted another thread before this one. Since your posts are not very clear, I recommended you to give us the entire script, so we could fix the problem forever. Thus you won't open another thread about this problem tomorrow.

 

Actually it was clear, you didn't understand it, either that or you didn't read http://forums.digitalpoint.com/showthread.php?t=2363378#post17150293 then...because I stated that I solved the issue and why it didn't work...

 

You may think that 'not getting errors' is equal to 'solved', but I don't think so. May be your script is not working as it should now. That's why I wanted to check it. However, I don't want to participate in pointless discussions. Let's just say that I am not right. Have a nice day.

 

That's what I was going to say. Just use mysql instead of i and just pass the string itself.

 

But wouldn't that be a problem with mixing mysqli only code and mysql code? I don't think I'm using any but it's always the chance of.

 

Thanks for very nice information friends