18

Fatal error: Uncaught Error: Call to undefined function mysql_escape_string() in C:\xampp\htdocs\phoenixproject\register.php:16 Stack trace: #0 {main} thrown in C:\xampp\htdocs\phoenixproject\register.php on line 16

How to fix this?

<?php
require("config.php");
?>
<?php
if(isset($_POST['submit'])){

$email1 = $_POST['email1'];
$email2 = $_POST['email2'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];

if($email1 == $email2) {
    if($pass1 == $pass2) {
//All good. Nastavi broo.

$name = mysql_escape_string($_POST['name']);
$lname = mysql_escape_string($_POST['lname']);
$uname = mysql_escape_string($_POST['uname']);
$email1 = mysql_escape_string($email1);
$email2 = mysql_escape_string($email2);
$pass1 = mysql_escape_string($pass1);
$pass2 = mysql_escape_string($pass2);

mysql_query("INSERT INTO `users` (`id`, `name`, `lname`, `uname`, `email`, `pass`) VALUES (NULL, '$name', '$lname', '$uname', '$email1', '$pass1')") or die (mysql_error());



}else{
  echo "Sorry, your password is not corrext.";
  exit();
}
}else{
  echo "Sorry!";
}

} // brace for submit conditional

$form = <<<EOT
<form action="register.php" method="POST">
First Name: <input type="text" name="name" /></br>
Last Name: <input type="text" name="lname" /></br>
Username: <input type="text" name="uname" /></br>
Email: <input type="text" name="email1" /></br>
Confirm Email: <input type="text" name="email2" /></br>
Password: <input type="password" name="pass1" /></br>
Confirm Password: <input type="password" name="pass2" /></br>
<input type="submit" value="Register" name="submit" />
</form>
EOT;
echo $form;

?>

Well I know that I was try to mix mysql and mysqli....

Amar Muratović
  • 451
  • 2
  • 5
  • 11
  • 3
    you posted a similar question http://stackoverflow.com/questions/34599244/uncaught-error-call-to-undefined-function-mysql-connect and was closed with the same http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php – Funk Forty Niner Jan 05 '16 at 14:31
  • if you're connecting with `mysqli_` (which I suspect you are), you can't mix `mysql_` functions. Those different APIs do NOT intermix. – Funk Forty Niner Jan 05 '16 at 14:32
  • 2
    Possible duplicate of [Why shouldn't I use mysql\_\* functions in PHP?](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) – Abdulla Nilam Jan 05 '16 at 14:32
  • As an alternative to the escape_string function you should use prepared/parameterized queries where you bind parameters to the query instead of escaping them and inserting them directly. http://php.net/manual/en/mysqli-stmt.bind-param.php – JimL Jan 05 '16 at 14:34
  • Fred thanks men... I use a lot of mysql function and I have problems to go on mysqli.... Can you tell me some sorces to make that big change for me :) – Amar Muratović Jan 05 '16 at 14:35
  • you're welcome @AmarMuratović start with the manuals http://php.net/manual/en/book.mysqli.php and http://php.net/manual/en/book.pdo.php depending on which one you like best, mysqli or PDO. ***Remember*** that you can't mix those neither. You must use the same API from connecting to querying. so mysql_ + mysqli_ or PDO do not mix, etc etc. mysqli all the way, or PDO all the way. – Funk Forty Niner Jan 05 '16 at 14:37
  • @AmarMuratović you also should have posted your entire code and we would have been able to pinpoint the real error. Your system may not accept the mysql_ functions anymore, depending on the webserver/PHP version you're running under. – Funk Forty Niner Jan 05 '16 at 14:39
  • I use xampp and ATOM code editor... And I really have problem with mysql_function – Amar Muratović Jan 05 '16 at 14:41
  • then don't use `mysql_` functions, use `mysqli_`. First establish a connection http://php.net/manual/en/function.mysqli-connect.php then query http://php.net/manual/en/mysqli.query.php *easy as pie* - Plus, I don't know why you are using mysql_, those are old functions and are not very safe to use anymore and will be removed in future PHP releases. So, you would only be wasting your time really and would need to recode everything later on; that isn't a fun thing to do, believe me. ;-) – Funk Forty Niner Jan 05 '16 at 14:43
  • Thanks men I'll try... p.s. can I contact you if I had bug :D – Amar Muratović Jan 05 '16 at 14:48
  • @AmarMuratović I posted something for you below to help you out. – Funk Forty Niner Jan 05 '16 at 14:54

4 Answers4

25

To help you out here... (too long for a comment)

Your require("config.php"); should contain the following:

Sidenote: Use the proper settings for your host.

$link = mysqli_connect("localhost", "username", "mpassword", "database") or die($link);

Then changing your escape functions to use the mysqli_ version of it and passing the connection parameter to it:

$name = mysqli_real_escape_string($link, $_POST['name']);
$lname = mysqli_real_escape_string($link, $_POST['lname']);
$uname = mysqli_real_escape_string($link, $_POST['uname']);
$email1 = mysqli_real_escape_string($link, $email1);
$email2 = mysqli_real_escape_string($link, $email2);
$pass1 = mysqli_real_escape_string($link, $pass1);
$pass2 = mysqli_real_escape_string($link, $pass2);

Again, same thing for the query. Using the i version and passing connection to it as the first parameter.

mysqli_query($link, "INSERT INTO ...

Check for errors on your query using mysqli_error($link);

So you could modify the query to read as

$query = mysqli_query($link, "INSERT INTO ...

and doing

if(!$query){
   echo "Error: " . mysqli_error($link);
   }

Also read the following on Stack in regards to API mixing:

  • Can I mix MySQL APIs in PHP?
  • You can't. mysql_ with mysqli_ or PDO etc. do NOT intermix together. You must use the same one from connecting to querying.

Footnotes.

Passwords

I also noticed that you may be storing passwords in plain text. This is not recommended. If you intend on going LIVE with this at some point, do NOT store passwords as plain text in your database.

Consult the following.

Other links:

Community
  • 1
  • 1
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
  • $query = "INSERT INTO `users` (`id`, `name`, `lname`, `uname`, `email`, `pass`) VALUES (NULL, '$name', '$lname', '$uname', '$email1', '$pass1')"; mysqli_query($con, $query); printf ("New Record has id %d.\n", mysqli_insert_id($con)); – Amar Muratović Jan 05 '16 at 16:11
  • I wrote this but I didn't see anything in my base – Amar Muratović Jan 05 '16 at 16:11
  • @AmarMuratović my answer contains `$link` for the connection and unsure if you did change it or not. Plus, add `or die(mysqli_error($con))` to `mysqli_query()` IF `$con` is the variable for the connection that you are indeed using. – Funk Forty Niner Jan 05 '16 at 16:13
  • @AmarMuratović I noticed your new question. You misinterpreted my comment up here. I also included a different way of checking for errors. `if(!$query){ echo "Error: " . mysqli_error($link); }` but you didn't do that. – Funk Forty Niner Jan 05 '16 at 17:10
  • 1
    why was this downvoted just now? spite votes aren't well-taken here. – Funk Forty Niner Jan 07 '17 at 14:35
3

Change your PHP version back to PHP 5.6 and it will working fine.

Waqas Ahmed
  • 300
  • 2
  • 4
0

Best is to downgrade the PHP version to 5.6 and all will set. Error will 100% removed then.

Hope this helps!

Sukhvir Singh
  • 33
  • 2
-3

It seems I don`t know which version of PHP you are Using!

If Your PHP is 7.x.x then only one thing to do is just rename

$uname = mysqli_real_escape_string($link, $_POST['uname']);

to

$uname = $_POST['uname'];

Thanveer
  • 13
  • 2