phpmyadmin Question posted in
The official documentation can be found here.

Don't Understand SQL parameters – Phpmyadmin

For some reason when I run my code, I keep getting a parameter error.

I’m running XAMP, Atom, mySql and PhpMyAdmin.
I realised maybe is was to do with the fact that I was using

mysql_real_escape_string

which isn’t supported anymore. So I changed it to mysqli, but now its showing a different error.

I’m new to the whole programming scene, so I’m quite behind with everything.

    $username = "";
    $email = "";
    $errors = array();

  //connect to the database
$db = mysqli_connect('localhost', 'root', '', 'regist');

//if the register is clicked
if (isset($_POST['register'])) {
  $username = mysqli_real_escape_string($_POST['username'], $db);
  $email = mysqli_real_escape_string($_POST['email'], $db);
  $password_1 = mysqli_real_escape_string($_POST['password_1'], $db);
  $password_2 = mysqli_real_escape_string($_POST['password_2'], $db);
  //ensure the form fields are filled properly
  if (empty($username)) {
    array_push($errors, "Username is required");
  }
  if (empty($email)) {
    array_push($errors, "Email is required");
  }
  if (empty($password_1)) {
    array_push($errors, "Password is required");
  }
  if ($password_1 != $password_2) {
    array_push($errors, "The two password do not match");
  }

  //if there are no errors, save user to database
  if (count($errors)==0) {
    $password = md5($password_1); //encrypt password before storing in database
    $sql = "INSERT INTO users (username, email, password) VALUES ('$username', '$email', '$password')";
    mysqli_query($db, $sql);
  }
}

I was expecting it to register the details into the database, instead i get the errors listed below.

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, string given in C:xampphtdocsResgistrationserver.php on line 11

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, string given in C:xampphtdocsResgistrationserver.php on line 12

Notice: Undefined index: password_1 in C:xampphtdocsResgistrationserver.php on line 13

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in C:xampphtdocsResgistrationserver.php on line 13

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, string given in C:xampphtdocsResgistrationserver.php on line 14

Tags:

2

Answers


  1. 0

    As mentioned in my comments, there are three things I’d like to change in your current code,

    1. Your call to mysqli_real_escape_string() has the parameters in the wrong order – it should be 
      $username = mysqli_real_escape_string($db, $_POST['username']);
    2. You are using md5() for hashing your password, which is highly insecure – use password_hash() instead (then verify it with password_verify() where you log in).
    3. Don’t bother with 1. and instead use a prepared statement. 
    //connect to the database
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$db = new mysqli('localhost', 'root', '', 'regist');
$db->set_charset("utf8");

//if the register is clicked
if (isset($_POST['register'])) {
    //ensure the form fields are filled properly
    if (empty($_POST['username'])) {
        array_push($errors, "Username is required");
    }
    if (empty($_POST['email'])) {
        array_push($errors, "Email is required");
    }
    if (empty($_POST['password_1'])) {
        array_push($errors, "Password is required");
    }
    if ($_POST['password_1'] != $_POST['password_2']) {
        array_push($errors, "The two password do not match");
    }

    if (!count($errors)) {
        $password = password_hash($_POST['password_1'], PASSWORD_DEFAULT);
        $stmt = $db->prepare("INSERT INTO users (username, email, password) VALUES (?, ?, ?)");
        $stmt->bind_param("sss", $_POST['username'], $_POST['email'], $_POST['password_1']);
        $stmt->execute();
        $stmt->close();
    }
}
    Login or Signup to reply.
  2. 0

    I think you need to improve your php syntax.
    First don’t MySQL ever in your code use mysqli.

    Second you have given different values in the insert query than variables you defined above for your form input values.

    You need to correct it.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search