mysqli_connect Fatal Error: require()

Question

Developing a very simple UPDATE query page for users to change their account password, but have run into a bit of a brick wall with establishing the MySQLi connection (or so it would seem). I'm new to this line of programming and this is my first attempt to perform a dynamic query, so hopefully it's something that one of you can spot easily enough and you'd so kind as to offer some much-needed sage advice.

Here's the page in question: http://www.parochialathleticleague.org/accounts.html

Upon executing the form's PHP script, I was at first receiving nothing but a blank white screen. I scoured through my code and did everything I could think of to diagnose the problem. After eventually adding an "OR die" function to the require command, I am now greeted with this message:

Warning: require(1) [function.require]: failed to open stream: No such file or directory > in /home/pal/public_html/accounts.php on line 10

Fatal error: require() [function.require]: Failed opening required '1' (include_path='.:/usr/local/php52/pear') in /home/pal/public_html/accounts.php on line 10

I'm pretty stumped. Here's the script code:

<?php

// Show errors:
ini_set('display_errors', 1);

// Adjust error reporting:
error_reporting(E_ALL);

// Connect to the database:
require ('../mysqli_connect.php') OR die('Error : ' . mysql_error());

// Validate the school:
if (empty($_POST['school'])) {
    echo "You forgot to enter your school.<br>";
    $validate = 'false';
} else {
    $school = mysqli_real_escape_string($db, trim($_POST['school']));
    $validate = 'true';
}

// Validate the existing password:
if (empty($_POST['pass'])) {
    echo "You forgot to enter your existing password.<br>";
    $validate = 'false';
} else {
    $pass = mysqli_real_escape_string($db, trim($_POST['pass']));
    $validate = 'true';
}

// Validate the new password:
if (empty($_POST['new_pass'])) {
    echo "You forgot to enter your new password.<br>";
    $validate = 'false';
} elseif (empty($_POST['confirm_pass'])) {
    echo "You forgot to confirm your new password.<br>";
    $validate = 'false';
} elseif ($_POST['new_pass'] != $_POST['confirm_pass']) {
    echo "Sorry, your new password was typed incorrectly.<br>";
    $validate = 'false';
} else {
    $new_pass = mysqli_real_escape_string($db, trim($_POST['new_pass']));
    $validate = 'true';
}

// If all conditions are met, process the form:
if ($validate != 'false') {

    // Validate the school/password combination from the database:
    $q = "SELECT school_id FROM user_schools WHERE (school_name='$school' AND pass=SHA1('$pass') )";
    $r = @mysqli_query($db, $q);
    $num = @mysqli_num_rows($r);
    if ($num == 1) {

        // Get the school_id:
        $row = mysqli_fetch_array($r, MYSQLI_NUM);

        // Perform an UPDATE query to modify the password:
        $q = "UPDATE user_schools SET pass=SHA1('$new_pass') WHERE school_id=$row[0]";
        $r = @mysqli_query($db, $q);

        if (mysqli_affected_rows($db) == 1) {
            header("Location: confirm_accounts.html");
        } else {
            echo "Your password could not be changed due to a system error. Apologies for the inconvenience. If this problem continues, please contact us directly.";
        }

    }

}

mysqli_close($db);
exit();

?>

Lastly, here's the code from the connection script that it's requiring (with omitted account values, of course):

<?php

// Set the database access information as constants:
DEFINE ('DB_USER', '***');
DEFINE ('DB_PASSWORD', '***');
DEFINE ('DB_HOST', 'localhost');
DEFINE ('DB_NAME', '***');

// Make the connection:
$db = @mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) OR die ('Could not connect to MySQL: ' .mysqli_connect_error() );

// Set the encoding:
mysqli_set_charset($db, 'utf8');

I've been trying for the last couple of hours to troubleshoot this problem on my own. Google couldn't solve it. Looking through archives here couldn't solve it.

Here's what I do know for sure:

• The script that it's requiring, mysqli_connect.php, does work on its own. I've tested it extensively to make sure that all of the log-in info is correct.
• The script is also definitely in the parent directory that I've requested it from. I've tried moving it to the public directory and calling it from there. Same error message. Tried typing the entire file path. Same message.
• Also, most of the script works fine on its own. When I omitted all of the MySQL lines and just left the basic validation code, it ran without a problem and sent me to the confirmation page as requested. It definitely seems to be a problem with making the connection.

Not sure where to go from here. Any assistance would be GREATLY appreciated! Many thanks in advance.

EDIT: @YourCommonSense - Here's the modified script, as per your suggestions. Still getting the blank screen. Am I following your advice incorrectly?

<?php

// Show errors:
ini_set('display_errors', 1);

// Adjust error reporting:
error_reporting(E_ALL);

// Connect to the database:
require ('../mysqli_connect.php');

// Validate the school:
if (empty($_POST['school'])) {
    echo "You forgot to enter your school.<br>";
    $validate = 'false';
} else {
    $school = mysqli_real_escape_string($db, trim($_POST['school']));
    $validate = 'true';
}

// Validate the existing password:
if (empty($_POST['pass'])) {
    echo "You forgot to enter your existing password.<br>";
    $validate = 'false';
} else {
    $pass = mysqli_real_escape_string($db, trim($_POST['pass']));
    $validate = 'true';
}

// Validate the new password:
if (empty($_POST['new_pass'])) {
    echo "You forgot to enter your new password.<br>";
    $validate = 'false';
} elseif (empty($_POST['confirm_pass'])) {
    echo "You forgot to confirm your new password.<br>";
    $validate = 'false';
} elseif ($_POST['new_pass'] != $_POST['confirm_pass']) {
    echo "Sorry, your new password was typed incorrectly.<br>";
    $validate = 'false';
} else {
    $new_pass = mysqli_real_escape_string($db, trim($_POST['new_pass']));
    $validate = 'true';
}

// If all conditions are met, process the form:
if ($validate != 'false') {

    // Validate the school/password combination from the database:
    $q = "SELECT school_id FROM user_schools WHERE (school_name='$school' AND pass=SHA1('$pass') )";
    $r = mysqli_query($db, $q);
    if (!$r) {
    throw new Exception($mysqli->error." [$query]");
    }
    $num = mysqli_num_rows($r);
    if ($num == 1) {

        // Get the school_id:
        $row = mysqli_fetch_array($r, MYSQLI_NUM);

        // Perform an UPDATE query to modify the password:
        $q = "UPDATE user_schools SET pass=SHA1('$new_pass') WHERE school_id=$row[0]";
        $r = mysqli_query($db, $q);
        if (!$r) {
        throw new Exception($mysqli->error." [$query]");
        }

        if (mysqli_affected_rows($db) == 1) {
            header("Location: confirm_accounts.html");
        } else {
            echo "Your password could not be changed due to a system error. Apologies for the inconvenience. If this problem continues, please contact us directly.";
        }

    }

}

mysqli_close($db);
exit();

?>

Answer 1

Two BIGGEST problems with your code and your "solution":

1. You have @ operator all over the place. For which you have -1 vote to your question. @ operator is the evil itself. IT is responsible for the blank page you see.
2. However, the remedy you choose made the things worse. This "OR die" thing is not a magic chant to solve any error reporting problem. And used improperly will cause errors like one you have. For which you have 1 in the error message.

First of all, your include is all right, so, leave it alone.

While to get an error from mysqli, follow these instructions:

Instead of adding "or die" randomly, you need more robust and helpful error reporting solution.

If you are using mysqli_query() all over the application code without encapsulating it into some helper class, trigger_error() is a good way to raise a PHP error, as it will tell you also the file and the line number where error occurred

$res = mysqli_query($mysqli,$query) or trigger_error(mysqli_error($mysqli)."[$query]");

in all your scripts
and since then you will be notified of the reason, why the object weren't created. (If you're curious of this or syntax, I've explained it here - it also explains why you have (1) in the error message)

However, if you're encapsulating your query into some class, file and line from trigger error will be quite useless as they will point to the call itself, not the application code that caused certain problem. So, when running mysqli commands encapsulated, another way have to be used:

$result = $mysqli->query($sql);
if (!$result) {
    throw new Exception($mysqli->error." [$query]");
}

as Exception will provide you with a stack trace, which will lead you the the place from which an erroneous query were called.

Note that you have to be able to see PHP errors in general. On a live site you have to peek into error logs, so, settings have to be

error_reporting(E_ALL);
ini_set('display_errors',0);
ini_set('log_errors',1);

while on a local development server it's all right to make errors on screen:

error_reporting(E_ALL);
ini_set('display_errors',1);

and of course you should never ever use error suppression operator (@) in front of your statements.