-1

**I have created the below registration form ** **

newuser.html

**

<form action="AddUser.php" method="POST">
<p>Enter A Username: </p>
<input type="text" name="User" maxlength="20" size="10">
<br />
<p>Enter your number: </p>
<input type="text" name="number" maxlength="40" size="10">
<br />
<input type="submit" value="Create Account">
</form>

the $_Post data is then transfered to adduser.php, the errors are within this script.. **

adduser.php

** 

//grabing our $_POST data from our form and assign them to variables...
$User = $_POST['User'];
$Phone = $_POST['number'];


//Check whether user put anything in the fields for user or phone
if (!$User || !$Phone) {
echo "You have not entered all the needed info. Please try again.";
exit();
}

// database connection
 $dbconnect = mysql_connect("localhost","root","");
if (!$dbconnect)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("database", $dbconnect);

//Now inserting data into database
$sql = "INSERT INTO UsersTable (UserName, Phone)
VALUES ('".$User."', '".$Phone."')";

//Verify Successful Entry
if (mysqli_query($dbconnect,$sql)) {
echo "User Added Successfully";
} else {
echo "Error Creating User: " . mysqli_error($dbconnect);
}

echo "<br /><p>Please go to the main page to login now.</p>";
?>

and these are the error message

**> Warning: mysqli_query() expects parameter 1 to be mysqli, resource

given in C:\xampp\htdocs\test\aaa\new\adduser.php on line 28

Warning: mysqli_error() expects parameter 1 to be mysqli, resource given in C:\xampp\htdocs\test\aaa\new\adduser.php on line 31 Error Creating User:**

please show me some directions to debug it.. lastly this is the login page **

login.php

**

<?php
session_start();


$User = $_POST['User'];
$PW = $_POST['Phone'];

// database connection
$dbconnect = mysql_connect("localhost","root","");
if (!$dbconnect)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("database", $dbconnect);

//cheaking for username and Phone matches in the database
$sql = "SELECT UsersTable.UserName, UsersTable.Phone
FROM UsersTable
WHERE UsersTable.Phone = '$phone'";
$result = $dbconnect->query($sql);


$_SESSION['verified_user'] = $User; //storing it in a SESSION

}
?>

and the **

logout.php

**

<?php
session_start();

unset($_SESSION['verified_user']);
session_destroy();
echo "You are logged out.";
?>

please help me to debug the code

user3741870
  • 11
  • 2
  • **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Jun 15 '14 at 10:20

1 Answers1

0

You are using two different database APIs. mysql_ and mysqli_. They are not compatible, pick one and stick to it. (Hint: Don't pick mysql_, it is deprecated).

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
  • oh thanks, but stil am getting this:Warning: mysql_query() expects parameter 1 to be string, resource given in C:\xampp\htdocs\test\aaa\new\adduser.php on line 28 Error Creating User: – user3741870 Jun 15 '14 at 10:25
  • The only reason you would be getting that error is if you used `mysql_query` which I just told you not to use. – Quentin Jun 15 '14 at 11:36