This question already has answers here:
Can I mix MySQL APIs in PHP?
(4 answers)
Closed 7 years ago.
I am writing a website. But i keep having a unknown error.
it says:
"Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in /Applications/XAMPP/xamppfiles/htdocs/social business kopie/index.php on line 29"
I don't know what i have to change about my php code and i am just a beginner. Please can someone help me?
Line 29
index.php:
<?php
$reg = #$_POST['reg'];<p>
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; // Password 2
$d = ""; // Sign up Date
$u_check = ""; // Check if username exists
//registration form
$fn = strip_tags(#$_POST['fname']);
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("Y-m-d"); // Year - Month - Day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysql_query("SELECT username FROM users WHERE username='$un'");
// Count the amount of rows where username = $un
$check = mysqli_num_rows($u_check);
if ($check == 0) {
//check all of the fields have been filed in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// check that passwords match
if ($pswd==$pswd2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// check the maximum length of password does not exceed 25 characters and is not less than 5 characters
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','$d','0')");
die("
Welcome to findFriends
Login to your account to get started ...");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all of the fields";
}
}
else
{
echo "Username already taken ...";
}
}
else {
echo "Your E-mails don't match!";
}
}
?>
you are mixing mysql and mysqli functions. I really recommend you to use mysqli functions, as the others are deprecated
Related
This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 6 years ago.
Here is the PHP block i am using:
$reg = #$_POST['reg'];
$fn = "";
$ln = "";
$un = "";
$em = "";
$em2 = "";
$pswd = "";
$pswd2 = "";
$d = "";
$u_check = "";
$fn = strip_tags(#$_POST['fname']);
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("Y-m-d"); //Year - Month - Day
if ($reg) {}
if ($em==$em2){}
$u_check = mysql_query("SELECT username FROM users WHERE username='$un'");
$check = mysql_num_rows ($u_check);
if ($check == 0){}
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2){}
if ($pswd==$pswd2){}
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25){
echo "The maximum amount of character is 25! Please try again";
}
else
{
if (strlen($pswd)>30||strlen($pswd)<5){}
echo "Your password be between 5 and 30 characters long!";
}
else
{
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES (' ', '$un', '$fn', '$ln',
'$em','$pswd','$d','0')");
}
And here is the two else statements:
else
{
if (strlen($pswd)>30||strlen($pswd)<5){}
echo "Your password be between 5 and 30 characters long!";
}
else
{
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES (' ', '$un', '$fn', '$ln',
'$em','$pswd','$d','0')");
}
When i only have:
else
{
if (strlen($pswd)>30||strlen($pswd)<5){}
echo "Your password be between 5 and 30 characters long!";
}
I don't get an error message, but when i add:
else
{
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES (' ', '$un', '$fn', '$ln', '$em','$pswd','$d','0')");
}
I get this error message when i refresh:
Parse error: syntax error, unexpected 'else' (T_ELSE) in C:\xampp\htdocs\Socially\index.php on line 39
I am using a YouTube tutorial, and this is what he typed, he didn't get an error message. Here is the link: https://www.youtube.com/watch?v=EgqVNMTnmDQ&list=PLA7F9875BD031DC16&index=36
This video was done in 2013.
If someone could help me, it would be appreciated.
Your ifs are wrong the { opens the control block and the } closes it. For example with this:
if (strlen($pswd)>30||strlen($pswd)<5){}
You are doing nothing when the password is longer than 30 characters or less than 5. (also why limit passwords to 30 characters?)
You also then are echoing the message regardless of that condition:
echo "Your password be between 5 and 30 characters long!";
Additional notes:
Your control blocks should be indented.
You should NOT put user data directly into a SQL query. That is how injections occur. strip_tags does nothing to stop a SQL injection.
Try:
<?php
$reg = #$_POST['reg'];
$fn = "";
$ln = "";
$un = "";
$em = "";
$em2 = "";
$pswd = "";
$pswd2 = "";
$d = "";
$u_check = "";
$fn = strip_tags(#$_POST['fname']);//dont use #, no need for error supression, resolve the errors.
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("Y-m-d"); //Year - Month - Day
if ($reg) {}//does nothing
if ($em==$em2){}//does nothing
$u_check = mysql_query("SELECT username FROM users WHERE username='$un'");
$check = mysql_num_rows ($u_check);
if ($check == 0){}//does nothing
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2){}//does nothing
if ($pswd==$pswd2){}//does nothing
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25){
echo "The maximum amount of character is 25! Please try again";
} else {
if (strlen($pswd)>30||strlen($pswd)<5){
echo "Your password be between 5 and 30 characters long!";
} else {
$pswd = md5($pswd); //should upgrade hashing algorithm
$pswd2 = md5($pswd2);//not used
$query = mysql_query("INSERT INTO users VALUES (' ', '$un', '$fn', '$ln',
'$em','$pswd','$d','0')");//open to SQL injections
}
}
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
so i tried to convert a little bit of MYSQL to the new PDO;
$u_check = mysql_query("SELECT username FROM users WHERE username='un'");
$check = mysql_num_rows($u_check);
if($check == 0){
echo "Do this";
}
How i did it in PDO:
$u_check = $databaseConnection->prepare("SELECT username FROM users WHERE :username = '$un'");
$check = $databaseConnection->query($u_check);
if($check == 0){
echo "do stuff"
}
But as expeced i get an error:
Warning: PDO::query() expects parameter 1 to be string, object given
in F:\xampp\htdocs\SocialMedia\first\index.php on line 27
Line 27: $check = $databaseConnection->query($u_check);
I have no idea how to get the same result in PDO
Thanks in advance for the help!
EDIT 1:
I have this now:
if($reg) {
if($em==$em2){
$u_check = $databaseConnection->prepare("SELECT username FROM users WHERE :username = '$un'");
$u_check->bind_param("s", "un");
$result = $u_check->execute();
if($result){
echo "hoi";
}
}
}
gives me:
Fatal error: Call to undefined method PDOStatement::bind_param() in
F:\xampp\htdocs\SocialMedia\first\index.php on line 26
EDIT 2: my code at the moment;
<?php include("inc/header.inc.php");?>
<?php
$reg = $_POST['reg'];
$fn = "";
$ln = "";
$un = "";
$em = "";
$em2 = "";
$pswd = "";
$pswd2 = "";
$d = "";
$fn = strip_tags($_POST['fname']);
$ln = strip_tags($_POST['lname']);
$un = strip_tags($_POST['uname']);
$em = strip_tags($_POST['email']);
$em2 = strip_tags($_POST['email2']);
$pswd = strip_tags($_POST['password']);
$pswd2 = strip_tags($_POST['password2']);
$d = date("d-m-Y");
if($reg) {
if($em==$em2){
$u_check = $databaseConnection->prepare("SELECT username FROM users WHERE username= :username");
$u_check->bindParam(':username', $un);//un is the given username that user types
$u_check->execute();
$check = $u_check->rowCount();
if($check > 0){
if($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2){
if($pswd==$pswd2){
if(strlen($un)>25||strlen($fn)>25||strlen($ln)>25){
echo "Maximum characters is 25!";
}else{
if(strlen($pswd)>30||strlen($pswd)<5){
echo "Your pass must be between 5 and 30 characters!";
}else{
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = $databaseConnection->prepare("INSERT INTO users (username, first_name, last_name, email, password, sign_up_date, activated) VALUES (:un, :fn, :ln, :em, :pswd, :d, '0')");
$query->execute();
die("<h2>Welcome to Profiles</h2>Login to your account to get started...");
}
}
}
}
}else{
echo "Already exists!";
}
}
}
?>
So, now i get the message "Already exists!" everytime,
Altho the setup itself does not work, its not putting the stuff from the form in ....
EDIT 3
I get this:
Parse error: syntax error, unexpected '}' in
F:\xampp\htdocs\SocialMedia\first\index.php on line 50 which is line
if($pswd!=$pswd2){
$errors[] .= 'Passwords are not the same';
}elseif(strlen($pswd)>30||strlen($pswd)<5){
$errors[] .='Your pass must be between 5 and 30 characters!'
}else{
$pswd_md = md5($pswd);
}
which is this line:
}else{
Your code is wrong...Try this one:
<?php include("inc/header.inc.php"); ?>
<?php
function display_errors($errors){
$display = '<ul>';
foreach ($errors as $error){
$display .= '<li>'.$error.'</li>';
}
$display .= '</ul>';
return $display;
}
$reg = $_POST['reg'];
$fn = "";
$ln = "";
$un = "";
$em = "";
$em2 = "";
$pswd = "";
$pswd2 = "";
$d = "";
if(isset($reg)) {
$errors = array();
$fn = strip_tags($_POST['fname']);
$ln = strip_tags($_POST['lname']);
$un = strip_tags($_POST['uname']);
$em = strip_tags($_POST['email']);
$em2 = strip_tags($_POST['email2']);
$pswd = strip_tags($_POST['password']);
$pswd2 = strip_tags($_POST['password2']);
$d = date("d-m-Y");
$required = array('fname','lname','uname','email','email2','password','password2');
foreach($required as $field){
if($_POST[$field] == ''){
$errors[] .= $field. ' is required';
}
}
if(strlen($un)>25||strlen($fn)>25||strlen($ln)>25){
$errors[] .= "Maximum characters is 25!";
}
if($pswd!=$pswd2){
$errors[] .= 'Passwords are not the same';
}elseif(strlen($pswd)>30||strlen($pswd)<5){
$errors[] .='Your pass must be between 5 and 30 characters!'
}else{
$pswd_md = md5($pswd);
}
if($em != $em2){
$errors[] .= 'Emails are not the same';
}
$u_check = $databaseConnection->prepare("SELECT username FROM users WHERE username= :username");
$u_check->bindParam(':username', $un);//un is the given username that user types
$u_check->execute();
$check = $u_check->rowCount();
if($check > 0){
$errors[] .= 'User Exists. Choose another username';
}
if(!empty($errors)){
echo display_errors($errors);
}else{
$ac = 0;
$query = $databaseConnection->prepare("INSERT INTO users (username, first_name, last_name, email, password, sign_up_date, activated) VALUES (:un, :fn, :ln, :em, :pswd, :d, :ac)");
$query->bindParam(':un',$un);
$query->bindParam(':fn',$fn);
$query->bindParam(':ln',$ln);
$query->bindParam(':em',$em);
$query->bindParam(':pswd',$pswd_md);
$query->bindParam(':d',$d);
$query->bindParam(':ac',$ac);
$query->execute();
}
if($query){
//INSERT SUCCESS
echo 'Success';
}else{
echo 'Failed;'
}
}
?>
It is because for query() you need a String, but you give an object (Look: http://php.net/manual/de/pdo.query.php)
There is an example:
<?php
function getFruit($conn) {
$sql = 'SELECT name, color, calories FROM fruit ORDER BY name';
foreach ($conn->query($sql) as $row) {
print $row['name'] . "\t";
print $row['color'] . "\t";
print $row['calories'] . "\n";
}
}
?>
If you want to use prepare have a look at: http://php.net/manual/de/pdo.prepare.php
You have to use $var->execute(array($var1, $var2));
If I see correctly you want to check if the given username exists in the database. Call ->execute() on the prepared statement and use rowCount() on the returned object to get the number of results.
Check the documentation for more info: PDO rowCount and PDO Prepare
But if you really only need the number of rows where the username is the given username (since you select username and use it in the condition also) you can simply select the number:
SELECT count(username) FROM users GROUP BY username HAVING username = $username
For some apparent reason, a portion of my PHP code is being shown in the header section of my page.
I am completely stumped as to why this is occurring. I have rechecked all the variables and have tested how to page renders on IE and Firefox, but the same problem occurs.
reg.php:
<?
$registration = #$_POST[`submitReg`];
// Getting all other info from form and assigning it to variables
$firstname = strip_tags(#$_POST[`fname`]);
$lastname = strip_tags(#$_POST[`lname`]);
$username = strip_tags(#$_POST[`username`]);
$email = strip_tags(#$_POST[`email`]);
$email2 = strip_tags(#$_POST[`email2`]);
$password = strip_tags(#$_POST[`password`]);
$password2 = strip_tags(#$_POST[`password2`]);
$DOBDay = strip_tags(#$_POST[`DOBDay`]);
$DOBMonth = strip_tags(#$_POST[`DOBMonth`]);
$DOBYear = strip_tags(#$_POST[`DOBYear`]);
$gender = strip_tags(#$_POST[`gender`]);
$sign_up_date = date("d-m-Y"); // Sign up date is not getting any data from the form
if ($registration) {
if ($email==$email2) {
// If both emails match, then check if user already exists:
$u_check = mysqli_query("SELECT username FROM users WHERE username='$username'"); // Count the amount of rows where username = $username
$e_check = mysqli_query("SELECT email FROM users WHERE email='$email'"); //Check whether Email already exists in the database
// checking the amount of rows where username is equal to $username - avoid two users with same username - same idea for email
$check = mysqli_num_rows($u_check);
$email_check = mysqli_num_rows($e_check);
if ($check == 0) {
if ($email_check == 0) {
// If no matches found then: 1. check all fields are completed correctly:
if ($firstname && $lastname && $username && $email && $email2 && $password && $password2 && $DOBDay && $DOBMonth && $DOBYear && $gender) {
// 1.2. check that passwords match:
if ($password==$password2) {
-------------------- CODE WHICH IS APPEARING IN THE HEADER ---------------------
// 1.2.1. Check fields are of valid length
if (strlen($username) > 25 || strlen($firstname) > 25 || strlen($lastname) > 25 || strlen($password) > 25) {
echo "The maximum character limit is 25.";
}
else
{
// check the maximum length of password does not exceed 25 characters and is not less than 6 characters
if (strlen($password)>25||strlen($password)<6) {
echo "Your password must be between 6 and 25 characters long!";
}
else
{
// if everything correct, encrypt passwords using MD5 before sending it to server.
$password = md5($password);
$password2 = md5($password2);
$query = mysqli_query("INSERT INTO users VALUES (``, `$firstname`, `$lastname`, `$username`, `$email`, `$password`, `$sign_up_date`)");
die("<h2>Welcome to Aston Unified</h2> Login to your account to get started ...");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all of the fields";
}
}
else
{
echo "Sorry, but it looks like someone has already used that email!";
}
}
else
{
echo "Username already taken ...";
}
}
else {
echo "Your E-mails don't match!";
}
}
_______________________________________________________________________
?>
Any ideas as to why this behavior is occurring?
Seems php short tags <? is off and you have used that. Try to use <?php and then check.
If you need to use that then set
short_open_tag=On
in php.ini and restart your Apache server.
you should enable short tag in php.ini (add short_open_tag=On in your php.ini) or use <?php in place of <?
I have made a code and when I try to sign up I get a problem saying the length is not between 5-30 for the password. I was using 7 letters for a password but was getting this problem when trying to sign up on my site. I have posted parts of the code below:
$reg = #$_POST['reg'];
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; //Password 2
$d = ""; //Sighn up date and time
$u_check = ""; // Check if username exists
//registration form
$fn = strip_tags(#$_POST['fname']);
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("Y-m-d"); //Year - Month - Day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysql_query("SELECT username FROM users WHERE username='$un' ");
// Count the amount of rows where username - $un
$check = mysql_num_rows($u_check);
if ($check == 0) {
// Check all of the fields have been filed in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// Check that passwords match
if ($pswd==$pswd2) {
// Check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// Check the maximum length of password does not exceed 25 characters and is not less than 5 characters
if (strlen($pswd)>30||strlen($pswd)>5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using bcrypt before sending to database
$pswd = bcrypt($pswd);
$pswd2 = bcrypt($pswd2);
$query = mysql_query("INSERT INTO users VALUES (' ', $un','$fn','$ln','$em','$pswd','$d','0')");
die("<h2>Welcome to YouBook</h2>Login to your account to get started . . .");
Try this:
if (strlen($pswd)>30||strlen($pswd)<5) {
// ^ You want to check if it is less than or equal to 5
p.s. You really shouldn't put a maximum limit on the password.
This question already has answers here:
php username check on database when user already taken
(5 answers)
Closed 9 years ago.
Hi i have a registration system, And it works well, my problem is that how will i check the username if already taken based on my database ?? i have this script and it wont work, can someone help me solve this??
<?php
if(empty($_POST['username'])){
$username_error = "Please Input Username";
}else{
if( 6 > mb_strlen($_POST['username']) || 20 < mb_strlen($_POST['username'])){
$username_error = "username must be at least 6 characters.";
}else{
$username = $_POST['username'];
$sql = "SELECT
members.username
FROM
members
WHERE username = $username";
$res = mysql_query($sql);
if(mysql_num_rows($res)){
$username_exists = "Username is already taken.";
}else{
$username = $_POST['username'];
}
}
}
?
the problem is on the else statement check the database if username is taken.
Please help me out on this , many thanks
i get this error
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\TheSocioNet\stud_reg.php on line 210
Please use below code to fix your problem
<?php
if(empty($_POST['username'])){
$username_error = "Please Input Username";
}else{
if( 6 > mb_strlen($_POST['username']) || 20 < mb_strlen($_POST['username'])){
$username_error = "username must be at least 6 characters.";
}else{
$username = $_POST['username'];
$sql = "SELECT
members.username
FROM
members
WHERE username = '". $username."'";
$res = mysql_query($sql);
if($res && mysql_num_rows($res) > 0){
$username_exists = "Username is already taken.";
}else{
$username = $_POST['username'];
}
}
}
?