Here, i am creating the signing up a new user form but i got a problem in mysql_real_escape_string() .so, i used the alternative mysqli_real_escape_string() and i tried
mysqli_real_escape_string($conn,$_POST['user_name'])
but didn`t worked .Here, i have created a separate connect.php(for the connection with the server and database) file in order to save my time and i have include that file in signup.php file using
include 'connect.php';
and i am not sure by making separate connect.php file mysqli_real_escape_string($conn,$_POST['user_name']) can be use or not.
connect.php
<?php
$server='localhost';
$username='root';
$password='';
$db_name='web_forum_db';
if(!$conn=mysqli_connect($server,$username,$password))
{
exit('Error: could not establish database connection');
}
if (!mysqli_select_db($conn,$db_name))
{
exit('Error: could not select the database');
}
mysqli_close($conn);
?>
signup.php
<?php
include 'connect.php';
include 'header.php';
echo '<h3>Sign up</h3>';
if($_SERVER['REQUEST_METHOD'] !='POST')
{
echo '<form method="POST" action="">
Username:<input type="text" name="user_name"/>
Password: <input type="password" name="user_pass">
Password again:<input type="password" name="user_pass_check">
E-mail:<input type="email" name="user_email">
<input type="submit" value="Add category"/>
</form>';
}
else
{
$errors = array();/*declare the array for later use*/
if(isset($_POST['user_name']))
{
//the user name exists
if (!ctype_alnum($_POST['user_name'])) {
$errors[]='The username can only contain letters and digits.';
}
if(strlen($_POST['user_name'])>30)
{
$errors[]='The username cannot be longer than 30 characters.';
}
}
else
{
$errors[]='The username field must not be empty.';
}
if(isset($_POST['user_pass']))
{
if($_POST['user_pass'] !=$_POST['user_pass_check'])
{
$errors[]='The two passwords did not match.';
}
}
else
{
$errors[]='The password field cannot be empty.';
}
if (!empty($errors))/*check for an empty array, if there are errors, they`re in this array*/ {
echo 'Uh-oh.. a couple of fields are not filled in correctly..';
echo '<ul>';
foreach ($errors as $key => $value)/*walk through the array so all the errors get displayed*/
{
echo '<li>' . $value. '</li>';/*This generates a nice error list*/
}
echo '</ul>';
}
else
{
$sql = "INSERT INTO users(user_name,user_pass,user_email,user_date,user_level) VALUES('".mysqli_real_escape_string($conn,$_POST['user_name'])."',
'".sha1($_POST['user_pass'])."',
'".mysqli_real_escape_string($conn,$_POST['user_email'])."',
NOW(),0)";
$result=mysqli_query($conn,$sql);
if(!$result)
{
//something went wrong, display the error
echo 'Something went wrong while registering. Please try again later.';
//echo mysql_error(); //debugging purposes, uncomment when needed
}
else
{
echo 'Successfully registered. You can now <a href="signin.php">sign in </a> and start posting! :-)';
}
}
}
include 'footer.php';
?>
The showed errors:
Warning: mysqli_real_escape_string(): Couldn't fetch mysqli in C:\xampp\htdocs\web_forum\signup.php on line 56
Warning: sha1() expects parameter 1 to be string, object given in C:\xampp\htdocs\web_forum\signup.php on line 57
Warning: mysqli_real_escape_string(): Couldn't fetch mysqli in C:\xampp\htdocs\web_forum\signup.php on line 58
Warning: mysqli_query(): Couldn't fetch mysqli in C:\xampp\htdocs\web_forum\signup.php on line 60
The following code lies in line 56,57,58 and 60:
$sql = "INSERT INTO users(user_name,user_pass,user_email,user_date,user_level) VALUES('".mysqli_real_escape_string($conn,$_POST['user_name'])."',
'".sha1($_POST['user_pass'])."',
'".mysqli_real_escape_string($conn,$_POST['user_email'])."',
NOW(),0)";
$result=mysqli_query($conn,$sql);
