收到错误警告：mysqli的查询::（）：无法获取的mysqli在我的代码

Question

收到错误警告：mysqli的查询::（）：无法在

<?php 

    include 'includes/config.php'; 
    include 'includes/database.php'; 
    ini_set('display_errors', 1); 
    ini_set('display_startup_errors', 1); 
    error_reporting(E_ALL); 



    if (isset($_POST['sign'])) { 
     $name=$_POST['email']; 
     $pass=$_POST['password']; 
     $query_two="SELECT * FROM admin WHERE user='$name' AND password='$pass' "; 
     $runn=$db->query($query_two); 

     $row_login=$runn->fetch_assoc(); 

    if ($row_login['user']==$name && $row_login['password']==$pass) { 
     session_start(); 

     $_SESSION["username"] = $name; 
     header('Location: adminpane.php'); 
     exit(); 

    } 

    else { 
     echo "<script> 
    check(); 

     </script> 

     "; 
     exit(); 


    } 


    } 


    ?> 

这是获取的mysqli在我database.php中文件

<?php 
$db=new mysqli(DB_HOST,DB_USERNAME,DB_PASSWORD,DB_NAME); 
?> 

这是我的config.php文件

<?php 

define('DB_HOST', 'xxx.xxx.xxx.xxx'); 
define('DB_USERNAME', 'XXX'); 
define('DB_PASSWORD', 'XXX'); 
define('DB_NAME', 'myDB'); 


?> 

我既包括顶部，但它仍然看起来犯规合作!!， 一切的用户名密码是正确的，该代码是工作 本地主机

Answer 1

使用的东西上：

<?php 
session_start(); 
include 'includes/config.php'; 
include 'includes/database.php'; 
ini_set('display_errors', 1); 
ini_set('display_startup_errors', 1); 
error_reporting(E_ALL); 

if (isset($_POST['sign'])) { 
    $name = mysqli_real_escape_string($db,$_POST['email']); 
    $pass = mysqli_real_escape_string($db,$_POST['password']); 
    $query_two = "SELECT * FROM admin WHERE user='$name' AND password='$pass'"; 
    $runn = mysqli_query($db,$query_two); 
    $row_login = mysqli_fetch_assoc($runn); 

    if ($row_login['user']==$name && $row_login['password']==$pass) { 
    $_SESSION["username"] = $name; 
    header('Location: adminpane.php'); 
    exit(); 
    } else { 
    echo "<script>check();</script>"; 
    exit(); 
} 
} 
?>