It always returns empty connect_error value. It connects to mySQL properly. I want to create simple registering system on my page. I'm new to PHP and HTML, so I don't know what is wrong in this code. MySQL works properly, I think, so maybe something is wrong with my SQL code?
This is my PHP code:
<?php
$link = @new mysqli('valid localhost', 'valid user', 'valid password', 'valid database');
if ($link->connect_error!=0) {
die('Could not connect: ' . $link->connect_error);
}
$login = $_POST['login'];
$password = $_POST['password'];
$confirm = $_POST['confirmpassword'];
$email = $_POST['email'];
$result = mysql_query($sql, "SELECT COUNT(*) AS num_rows FROM `users` WHERE username='{$login}' LIMIT 1;");
$row = mysql_fetch_array($sql, $result);
if($row["num_rows"] < 0){
header('Location: index.php');
return;
}
if($password != $confirm) {
header('Location: index.php');
return;
}
$login = htmlentities($login, ENT_QUOTES, "UTF-8");
$password = htmlentities($password, ENT_QUOTES, "UTF-8");
$email = htmlentities($email, ENT_QUOTES, "UTF-8");
$sql = sprintf("INSERT INTO `users` (`username`, `password`, `email`) VALUES
('%s', '%s', '%s');",
mysqli_real_escape_string($link, $login),
mysqli_real_escape_string($link, $password),
mysqli_real_escape_string($link, $email));
if (mysql_query($sql, $link)) {
echo "User created successfully!
";
} else {
echo 'Error creating user: ' . $link->connect_error . "
";
}
?>
HTML code:
<!DOCTYPE HTML>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
<title>Awesome title</title>
</head>
<body>
Register<br /><br />
<form action="register.php" method="post">
Login: <br /> <input type="text" name="login" /> <br />
Email: <br /> <input type="email" name="email" /> <br />
Password: <br /> <input type="password" name="password" /> <br />
Confirm password: <br /> <input type="password" name="confirmpassword" /> <br /><br />
<input type="submit" value="Register" />
</form>
</body>
</html>
and MySQL table:
CREATE TABLE IF NOT EXISTS `users` (
`username` text collate utf8_polish_ci NOT NULL,
`password` text collate utf8_polish_ci NOT NULL,
`email` text collate utf8_polish_ci NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_polish_ci;
This is what I get:
Error creating user:
Change
echo 'Error creating user: ' . $link->connect_error . " ";
to
echo 'Error creating user: ' . $link->error . " ";
Also, you're mixing mysql and mysqli, and mixing object oriented with procedural.
Try this:
<?php
$link = @new mysqli('valid localhost', 'valid user', 'valid password', 'valid database');
if ($link->connect_error) {
die('Could not connect: ' . $link->connect_error);
}
$login = $_POST['login'];
$password = $_POST['password'];
$confirm = $_POST['confirmpassword'];
$email = $_POST['email'];
$result = $link->query("SELECT COUNT(*) AS num_rows FROM `users` WHERE username='{$login}' LIMIT 1;");
$row = $result->fetch();
if($result->num_rows < 0){
header('Location: index.php');
return;
}
if($password != $confirm) {
header('Location: index.php');
return;
}
$login = htmlentities($login, ENT_QUOTES, "UTF-8");
$password = htmlentities($password, ENT_QUOTES, "UTF-8");
$email = htmlentities($email, ENT_QUOTES, "UTF-8");
$sql = sprintf("INSERT INTO `users` (`username`, `password`, `email`) VALUES
('%s', '%s', '%s');",
$link->real_escape_string($login),
$link->real_escape_string($password),
$link->real_escape_string($email));
if ($link->query($sql)) {
echo "User created successfully!
";
} else {
echo 'Error creating user: ' . $result->error . "
";
}
?>
This code is causing you some trouble. First of all, you are mixing APIs. Here with mysql_* (which is deprecated), while your connection is OOP MySQLi (you cannot mix MySQL APIs).
if (mysql_query($sql, $link)) {
echo "User created successfully!
";
} else {
echo 'Error creating user: ' . $link->connect_error . "
";
}
You should have something like this instead, sticking purely with one style: as I recommend (which you started doing) with OOP MySQLi.
if ($link->query($sql)) {
echo "User created successfully!
";
} else {
echo 'Error creating user: ' . $link->connect_error . "
";
}
This code is kind of poorly written. It makes your SQL query being broken.
$sql = sprintf("INSERT INTO `users` (`username`, `password`, `email`) VALUES
('%s', '%s', '%s');",
mysqli_real_escape_string($link, $login),
mysqli_real_escape_string($link, $password),
mysqli_real_escape_string($link, $email));
It seems like you are trying to prevent SQL-injection? May I suggest usage of prepared statements instead? This is the modern standard, and looks better.
if (!$stmt = $link->prepare("INSERT INTO users (username, password, email) VALUES (?, ?, ?)")) {
// Something went wrnog, here handle it
return false;
}
$stmt->bind_param('sss', $login, $password, $email)
$stmt->execute();
$stmt->close();
In the pind_param the first parameter is sss - this stands for string, string, string - as your $login, $password, $email are all strings. Note that this number must match the number of question-marks in prepare. You should also do the same for your first query, where you select
change
if (mysql_query($sql, $link)) {
echo "User created successfully!
";
} else {
echo 'Error creating user: ' . $link->connect_error . "
";
}
to
if ($link->query($sql)) {
printf("User created successfully!
");
}
This should work for you.