1

im having problem with the integration of text fields with php by $_post method and i've done almost complete code but it giving me boolean error in line 84 which is

if(mysqli_num_rows ||($run)==0)

and my whole code is 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<h1 align="center">Registration form</h1>
<form action="registration.php" method="post">
    <table align="center" border="2">
        <tr>
            <td>User name</td>  <td><input type="text" placeholder="username" name="name" /></td>
        </tr>

        <tr>
            <td>Password</td>   <td><input type="password" placeholder="password" name="password" /></td>
        </tr>

        <tr>
            <td>Email</td>  <td><input type="email" placeholder="email" name="email" /></td>
        </tr>

        <tr>
            <td colspan="2" align="center"><input type="submit" value="submit" name="submit" /></td>
        </tr>
    </table>
</form>    
</body>
</html>


<?php
 //connection to database

 $servername = "localhost";
 $db_username = "user_db_users";
 $db_password = "123456789";
 $db_name = "users_db";

 $conn = new mysqli($servername, $db_username, $db_password, $db_name);

 //fatching data from form

if(isset($_POST['submit'])){

    $user_name = $_POST['name'];
    $user_pass = $_POST['password'];
    $user_email = $_POST['email'];


    //validatio form


    if($user_name==''){
        echo "<script>alert('please enter usernmae')</script>";
        exit();
        }

    if($user_pass==''){
        echo "<script>alert('please enter password')</script>";
        exit();
        }   

    if($user_email==''){
        echo "<script>alert('please enter email')</script>";
        exit();
        }

    $check_email = "select * from users where user_email='$user_email'";
    $run = mysql_query($check_email);

    if(mysqli_num_rows ||($run)==0){

        echo "<script>alert('Email $check_email is already exist')</script>";
        exit();
        }

    //Getting values from fields of registration form   

    $query = "insert into users(user_name, user_pass, user_email) values($user_name, $user_pass, $user_email)";

    if(mysql_query($query)){
        echo "<script>alert('registration successful')</script>";
        }
    }
?>
Aᴄʜᴇʀᴏɴғᴀɪʟ
  • 2,957
  • 4
  • 24
  • 50
Ahad
  • 11
  • 2

1 Answers1

1

The function mysqli_num_rows() need a mysqli_result parameter and if you want the logic to work correctly the test is actually wrong as well

So change

 if(mysqli_num_rows ||($run)==0){

To 

if(mysqli_num_rows($run) > 0) {

This query will also fail

$query = "insert into users(user_name, user_pass, user_email) 
                     values($user_name, $user_pass, $user_email)";

All text column variables should be wrapped in quotes like this

$query = "insert into users(user_name, user_pass, user_email) 
                     values('$user_name', '$user_pass', '$user_email')";

But I have to mention that Your script is at risk of SQL Injection Attack Have a look at what happened to Little Bobby Tables Even if you are escaping inputs, its not safe! Use prepared parameterized statements

Community
  • 1
  • 1
RiggsFolly
  • 93,638
  • 21
  • 103
  • 149