php - Warning: mysqli_query() expects parameter 2 to be string, object given in

Question

Good morning!

I'm new in PHP. i'm trying to make work this scrpt but is showing me this problem. It's a forma that modifies some records in a mysql database. The codes gets the data but it shows me that mistake and when i run modify it shows me several problems....

Warning: mysqli_query() expects parameter 2 to be string, object given in C:wampwwwCTEformedicion.php on line 15

I still don't know how to fix it. I really appreaciate your help.

Thanks!

<body>

<?php

include "conexiondb.php";

if(!isset($_POST['submit'])){

//$busqueda=$con->query(    
$muestra=$con->query("SELECT * FROM clientes C INNER JOIN producto P ON C.serial  = P.serial WHERE P.serial = $_GET[serial]");

//mysqli_query($con,$sql);  
mysqli_query($con,$muestra);

$person=$muestra->fetch_array();
}
?>

<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">

  cliente<input type = "text" name="inputcliente" value = "<?php echo $person['cliente']; ?>" /><br/>

  cedula <input type = "text" name="inputcedula" value = "<?php echo $person['cedula']; ?>" /><br/>

<input type="hidden" name="serial" value="<?php echo $_GET['serial'];?>"/>
<input type = "submit" name = "submit" value= "Modificar"/>
</form>

  <?php
  if (isset($_POST ['submit'])){

$u = "UPDATE cliente SET'cliente'='$_POST[inputcliente]','cedula' = '$_POST[inputcedula]' WHERE serial=$_POST[serial]";
mysqli_query($con,$u);

echo "El usuario ha sido modificado";
header ("Location:busca.php");

} else {

      }

  ?>
</body>
</html>

Answer 1

Change

$muestra=$con->query("SELECT * FROM clientes C 
INNER JOIN producto P ON C.serial  = P.serial WHERE P.serial = $_GET[serial]");

To

// Updated to clean the input

$serial = mysqli_real_escape_string($con,$_GET[serial]) ;

$qry="SELECT * FROM clientes C 
INNER JOIN producto P ON C.serial  = P.serial WHERE P.serial = $serial";

Then

$muestra = mysqli_query($con,$qry);