-2

After submitting something through my form I get the welcome part and then the mysql connection error because mysql is off, it goes away when I turn it on and then the boolean error. "Warning: mysqli_query() expects parameter 1 to be mysqli, boolean given in C:\xampp\htdocs\welcome.php on line 25"

<html>
<body>
Welcome <?php echo $_POST["name"]; ?><br>
Your email address is: <?php echo $_POST["email"]; ?><br>
Your password is <?php echo $_POST["password"]; ?><br>
You have purchased the <?php echo $_POST["sub_type"]; ?>
<?php
$mysqli_host = "localhost";
$mysql_username = "root";
$mysql_password = "123";
$site_db = "test";
$info_name = $_POST["name"];
$info_pass = $_POST["password"];
$info_email = $_POST["password"];
$sub_type = $_POST["sub_type"];

$con=mysqli_connect($mysqli_host,$mysql_username,$mysql_password,$site_db);
// Checks connection to twitch webpanel database and inserts registreation info
if (mysqli_connect_errno());
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

mysqli_query($con,"INSERT INTO Users (Username, Password, Email, Subcription)
VALUES ('$info_name', '$info_pass', '$info_email', '$sub_type')");

?>

</body>
</html>
user3450515
  • 9
  • 1
  • 1
  • 2
  • Do not se mysqli. Use PDO instead. There are bugs in your code that will cause your server to be hacked, look up SQL injection. Basically you want to use PDO's prepared statements feature to embed $_POST in the query. But spend some time researching it, you need to get this right or you will get in serious trouble. – Abhi Beckert Mar 22 '14 at 19:12
  • It is not intended to be a public page – user3450515 Mar 22 '14 at 19:13
  • **Always debug** `mysqli_query($con,"INSERT INTO Users (Username, Password, Email, Subcription) VALUES ('$info_name', '$info_pass', '$info_email', '$sub_type')") or die(mysqli_error($con));` – Fabio Mar 22 '14 at 19:13
  • Doesn't matter if it's public, it's still the wrong way to do it and your will have bugs. – Abhi Beckert Mar 22 '14 at 19:15
  • 2
    @AbhiBeckert I'd say mysqli is secure since it supports prepared statements, so what's the deal? – Fabio Mar 22 '14 at 19:16
  • @AbhiBeckert MySQLi supports Prepared Statements as well. – TimWolla Mar 22 '14 at 19:16
  • Also you need to run $password through pbkdf2 or scrypt. Always encrypt passwords. – Abhi Beckert Mar 22 '14 at 19:17
  • @Fabio sure mysqli works, but it's old fashioned. Better to use PDO, especially if someone is new. For example, PDO has better error messages and probably would have shown what the problem here is in more detail. – Abhi Beckert Mar 22 '14 at 19:20
  • @Abhibeckert that's your primarilly opinion, you can't just say `don't use mysqli because is not secure`. This is totally false. – Fabio Mar 22 '14 at 19:22
  • @Fabio you misunderstood my comment, probably my fault. Insaid he should use mysqli *and* his code is insecure. I didn't say mysqli is insecure. – Abhi Beckert Mar 22 '14 at 19:28

3 Answers3

11

Most probably, you have a connection error in mysqli_connect. Wrong credentials or MySQL is down.

if (mysqli_connect_errno())
{
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
    //you need to exit the script, if there is an error
    exit();
}
user4035
  • 22,508
  • 11
  • 59
  • 94
0
if (mysqli_connect_errno());
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
exit(); // **this is missing**
}
mysqli_query($con,"INSERT INTO Users (Username, Password, Email, Subcription)
VALUES ('$info_name', '$info_pass', '$info_email', '$sub_type')");
kk497055
  • 116
  • 8
0

Here is your bug:

if (mysqli_connect_errno());

There should be no semicolon on the end.

Also according to the documentation you should be using this to check for connection errors:

if (mysqli_connect_error())

But as I said in a comment, I recommend using PDO instead of mysqli. And make sure you properly escape values inserted into the database and encrypt the password with pbkdf2 or scrypt.

Abhi Beckert
  • 32,787
  • 12
  • 83
  • 110