-2

I am very beginner in PHP.

When I am registering a new user, I received an unproper 'return' (-1 instead of 1) when I am using mysql_query. Without line with "mysql_query" return is proper.

What am I doing wrong?

public function register ($username, $password, $activationcode) {
    $username = $this->parse($username);
    $password = $this->parse($password);

    $query_search = "SELECT * from tbl_user WHERE username = '".$username."' ";
    $query_exec = mysql_query($query_search) or die(mysql_error());
    $no_of_rows = mysql_num_rows($query_exec);

if ($no_of_rows == 0)
{
        $newUser="INSERT INTO tbl_user(username, password,activationcode) VALUES ('".$username."', '".$password. "','".$activationcode."')"; 
        if(mysql_query($newUser))
        {
        return 1;
        }
}else {
    return -1;
    }
}
Charlotte
  • 1
  • 1
  • Do you get any error messages? – Rizier123 Jan 05 '15 at 22:27
  • Beware of SQL injections and use MySQLi. – Œlrim Jan 05 '15 at 22:29
  • 2
    Please, [don't use `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://us1.php.net/pdo) or [MySQLi](http://us1.php.net/mysqli). – Jay Blanchard Jan 05 '15 at 22:32
  • Aside from using `mysql_` which is deprecated, and not using prepared statements, one obvious thing you're doing wrong is you never opened the database connection. Or, if you did, you did so outside this function and didn't pass the reference to the connection into the function. – developerwjk Jan 05 '15 at 22:41
  • @developerwjk - `mysql_` functions will use the most recently opened connection to the database as a default if there isn't one provided in function calls, so not having an explicit database connection in scope inside a function isn't necessarily going to cause an issue. – andrewsi Jan 05 '15 at 22:47
  • @andrewsi, I know that's true within the same context, but I wasn't sure if it works when you open the connection in one place and try to use it in another. – developerwjk Jan 05 '15 at 23:00

1 Answers1

0

Let me say I would not code it that way, but here is what I would do to correct your code while keeping your structure:

include($_SERVER['DOCUMENT_ROOT']."/database.php"); // your database connection values that are into a $database variable that we will use now. For example, mysqli_connect(DB_SERVER, DB_USER, DB_PASSWORD);

public function register ($username, $password, $activationcode){
    $username = $this->parse($username);
    $password = $this->parse($password);

    mysqli_select_db(DB_NAME); // the name of the database you will use.

    $sql = mysqli_query($database, "SELECT * from tbl_user WHERE username = '$username'") or die(mysqli_error());

    if(mysqli_num_rows($sql) == 0){
        $newUser = "INSERT INTO tbl_user (username, password, activationcode) VALUES ('$username', '$password', '$activationcode')";
        if(mysqli_query($database, $newUser)){
            return 1;
        } else {
            return -1; // you might get a problem in here too.
        }
    } else {
        return -1;
    }
}
Zeke
  • 1,281
  • 1
  • 18
  • 26