-2

Okay so i re-uploaded my CMS and seem that all the mysql is erroring and i've narrowed alot down, Im stuck on this one

     include_once "connect_to_mysql.php"; // <<---- Connect to database here
$username = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['username']); 
    // filter
    $sql_uname_check = mysqli_query(" SELECT id FROM myMembers WHERE username='$username' LIMIT1"); 
    $uname_check = mysql_num_rows($sql_uname_check);

Anyone have any idea?, Just trying to brush up on the Mysqli of things

JasonReynolds
  • 17
  • 1
  • 7
  • 1
    You're mixing `mysql_*` and `mysqli_*` functions, which doesn't work. – Jay Blanchard Jul 14 '16 at 14:39
  • You're mixing `mysql_*` and `mysqli_*`. That doesn't work. Pick one. (Preferably the latter, since the former is deprecated.) – David Jul 14 '16 at 14:39
  • 2
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Jul 14 '16 at 14:39
  • Apologies it was mysql_query i've just been trying to sort it but no clue, I'm trying to transfer it to the new mysqli – JasonReynolds Jul 14 '16 at 14:41
  • @user36273: So... You're not showing us the actual code, nor telling us the actual error? What exactly is it you want us to do then? – David Jul 14 '16 at 14:41
  • include_once "connect_to_mysql.php"; // <<---- Connect to database here $username = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['username']); // filter $sql_uname_check = mysql_query(" SELECT id FROM myMembers WHERE username='$username' LIMIT1"); $uname_check = mysql_num_rows($sql_uname_check); That is the actual code i have – JasonReynolds Jul 14 '16 at 14:42
  • Comment is not the place for actual code, friend! – Ahmad Jul 14 '16 at 14:43
  • @user36273: For obvious readability reasons, code belongs in the question and not in comments. Please edit the question to include the code you're using and the error(s) you're seeing, as well as any descriptive or relevant debugging information about where the errors take place and what the relevant runtime values are at that time. Currently you're basically asking, "How do I use a database with PHP?" The only answer to that is to start with some tutorials. – David Jul 14 '16 at 14:48

1 Answers1

0

You have to use the proper format for mysqli which is different from that in mysql

$sql_uname_check = mysqli_query($sql," SELECT id FROM myMembers WHERE username='$username' LIMIT1");

I have assumed you used $sql to connect to the database.

You can checkout more at http://php.net/manual/en/mysqli.query.php

Also you are mixing up mysql_* and mysqli_* fuctions. Use

$uname_check = mysqli_num_rows($sql_uname_check);