Getting error in inserting data to sql database

Question

This is my code :

<?php
error_reporting(E_ALL ^ E_NOTICE);
    ini_set('display_errors', '1');

    DEFINE ('DB_HOST', 'localhost');
    DEFINE ('DB_USER', 'root');
    DEFINE ('DB_PSWD', '');
    DEFINE ('DB_NAME', 'facebooklogin');
    $connection = mysql_connect(DB_HOST, DB_USER, DB_PSWD) or die(mysql_error());
    $db = mysql_select_db(DB_NAME, $connection) or die(mysql_error());

    $register_firstname = $_POST['register_password'];
    $register_lastname = $_POST['register_password'];
    $register_username = $_POST['register_username'];
    $register_password = $_POST['register_password'];
    $register_confirm_password = $_POST['register_confirm_password'];
    $register_email = $_POST['register_email'];

    $register_firstname = mysql_real_escape_string($register_firstname);
    $register_lastname = mysql_real_escape_string($register_lastname);
    $register_username = mysql_real_escape_string($register_username);
    $register_password = mysql_real_escape_string($register_password);
    $register_confirm_password = mysql_real_escape_string($register_confirm_password);
    $register_email = mysql_real_escape_string($register_email);

    $query = "SELECT * FROM users WHERE username='$register_username'";
    $result = mysql_query($query);
    $count = mysql_num_rows($result);
    if($count == 1){
        echo "That username is taken. Please try another.";
    }else{
        $query = "SELECT * FROM users WHERE email='$register_email'";
        $result = mysql_query($query);
        $count = mysql_num_rows($result);
        if($count == 1){
            echo "That email is already in use. Please try again.";
        }else{
            if(strlen($register_firstname) == 0 or strlen($register_lastname) == 0 or strlen($register_username) == 0 or strlen($register_password) == 0 or strlen($register_confirm_password) == 0 or strlen($register_email) == 0){
                echo "Please complete all forms.";
            }else if(strlen($register_username) < 3 or strlen($register_username) > 12){
                echo "Username must be between 3 and 12 characters.";
            }else if(strlen($register_password) < 5 or strlen($register_password) > 12){
                echo "Password must be between 5 and 12 characters.";
            }else if($register_password != $register_confirm_password){
                echo "Passwords do not match. Please try again.";
            }else{
                $dbinsert = "INSERT INTO users (username, password, first_name, last_name, email) VALUES ('$register_username', '$register_password', '$register_firstname', '$register_lastname', '$register_email')";
                if(!mysqli_query($dbinsert)){
                    die("Error registering new user in database.");
                }
                echo "Registered!";
            } 
        }
    }
?>

<html>
<head>
    <title>registered</title>
</head>
</html>

When I run this I get 2 error: Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead

and

Warning: mysqli_query() expects at least 2 parameters, 1 given

Can someone figure what is the error in this code and please fix it.

You are mixing `mysql_*` and `mysqli_*` at one time in same code. you should use only `mysqli_*` as `mysql_* is depreciated. — Keep Coding, Apr 19 '15 at 16:54
what about this? mysqli_query() expects at least 2 parameters @TimBezhashvyly — Kumari Anjali, Apr 19 '15 at 16:58

score 1 · Answer 1 · edited Apr 19 '15 at 17:44

1

Since, you are using mysql_* everywhere in your code. It seems the problem is in your else statement. You should use mysql_query not mysqli_query in your else statement.

else{
 $dbinsert = "INSERT INTO users (username, password, first_name, last_name, email) VALUES ('$register_username', '$register_password', '$register_firstname', '$register_lastname', '$register_email')";
 if(!mysql_query($connection,$dbinsert)){
 die("Error registering new user in database.");
  }

P.S: you should consider using mysqli or PDO instead of mysql as it is depreciated and will be removed later.

edited Apr 19 '15 at 17:44

nomistic

2,902
4
20
36

answered Apr 19 '15 at 16:59

Keep Coding

636
9
26

1

This is wrong suggestion `You should use mysql_* not mysqli_*` mysqli is more safer than mysql connection. Maybe not `should`, but `could` – Stanislovas Kalašnikovas Apr 19 '15 at 17:01
Pardon Sir, since, OP is having problem in his code related to `mysqli_query` So, I have just pointed him out. @StanislovasKalašnikovas – Keep Coding Apr 19 '15 at 17:03
Never recommend to a user that they use deprecated functions! That is the source of the first error the user received. . Also don't "consider." Definitely do this. This is why these errors are popping out. These functions will be gone from php very soon and will no longer work. – nomistic Apr 19 '15 at 17:04
I will keep in mind your suggestion. Thanks for pointing me out. @nomistic.. Since, I just answered as per OP's stated problem to help him out. – Keep Coding Apr 19 '15 at 17:07
what should I do? I 'am still getting error sql is deprecated – Kumari Anjali Apr 19 '15 at 17:11
@nomistic i'm still getting error – Kumari Anjali Apr 19 '15 at 17:12
What PHP version you are using in your application? @KumariAnjali – Keep Coding Apr 19 '15 at 17:13
1

Note, , software security is fairly serious. Yes, you can get the code working using old code on local servers, but as soon as you start to put it live, you may run into trouble or worse, you end up with major code vulnerabilities. I generally find it better not to develop bad habits, as the user will end up having to rewrite all of their code (I speak from personal experience. I shudder at some of my older code) :) – nomistic Apr 19 '15 at 17:26
1

I am totally agreeing with you @nomistic and you have put most valuable information for me as a part of suggestion. :) – Keep Coding Apr 19 '15 at 17:29
1

@KumariAnjali, I've added a few more edits below to help you out. I know it may seem like a lot to consider, but once you go this direction you'll find it's not any more difficult, and the coding process will be cleaner and faster amongst all the other benefits :) – nomistic Apr 19 '15 at 17:36

nomistic · Answer 2 · 2015-04-19T17:34:58.757

Your errors are coming from two places.

The first one refers to a the fact that mysql_connect is deprecated. This is a serious warning your code is giving you. Yes, you could correct your code to make it work, but it will stop working in future versions of php.
The syntax for mysqli_query requires a connection to the database as a parameter. To use this properly use

mysqli_query($conection,$dbinsert)

like so:

if(!mysqli_query($conection,$dbinsert)){
                die("Error registering new user in database.");
            }

Note you will need to do the same thing up here (and any other place you are using the deprecated functions:

 $result = mysql_query($query);

should be:

$result = mysqli_query($connection, $query);

etc. also look at your mysql_num_rows and use something like this: http://www.w3schools.com/php/func_mysqli_num_rows.asp

One more edit:
look at any php connection in your code connecting to your database that uses the old mysql_ syntax and update it. This includes mysql_connect, mysql_select_db, mysql_real_escape_string, mysql_query, mysql_num_rows, and any other place where you tend to use these.

There are other options other than mysqli such as PDO. Both are fine. Also I seriously suggest looking into preparing your statements. This will both speed up large inserts, updates, selects, etc, but also a) increase security (they virtually remove most sql injection attacks; at least the script-kiddie ones), and b) remove any need to remember to escape all of your variables (a nice bonus).

of course if you want the errors (the notices) to go away (not advisable in the coding process), you can just remove the error reporting rows at the top of your code. However, I do *not* recommend this — nomistic, Apr 19 '15 at 17:39

Getting error in inserting data to sql database

2 Answers2