0

Here's the code and the defined variables too.

http://pastebin.com/t7nq8NJh

I've been trying to make it run for the past few hours already, and I just can't get past the area at line 32.

What do you think did I miss? I'm sorry, I am just starting to learn this so I might have missed some key structuring or something.

Thank you.

Code:

include_once('assets/inc/db_login.inc');
session_start();

function sql_entry($user,$pass,$phone,$points){

//do not touch anything beyond this part
$conn = mysqli_connect(DB_HOST,DB_USERNAME,DB_PASSWORD,DB_NAME);

//error catcher for connection failure
if($conn->connect_error){
die("Connection failed: " . $conn->connect_error);
}

date_default_timezone_set('America/Chicago');

//grabs the time
$time = date('H:i:s');
//$time = $time->format();
$date = date('Y-m-d');
//$date = $date->format();

//clean themmmmmm!
$clean_user = mysqli_real_escape_string($conn, $user);
$clean_pass = mysqli_real_escape_string($conn, $pass);
$clean_phone = mysqli_real_escape_string($conn, $phone);
$clean_points = mysqli_real_escape_string($conn, $points);

//prepare queries
$verification = "SELECT * FROM ".DB_TBL."WHERE phone =".$clean_phone;
$verification_result = mysqli_query($conn,$verification); //run query to validate user

$count = mysqli_num_rows($verification_result); //

//error catcher for non-existing username or wrong user/pass
if($count < 1){
$account_registration = "INSERT INTO ".DB_TBL." (username,password,register_date,phone,points,notes) VALUES ('$clean_user','$clean_pass','$date','$clean_phone','$clean_points','')";
$registration_result = mysqli_query($conn,$account_registration);
mysqli_close($conn);
return 1;
}
else
mysqli_close($conn);
return 0;
}

//here's the other variables for login (all are correct, i have triple checked them already countless times)

<?php

define ("DB_HOST", "127.0.0.1");
define ("DB_USERNAME", "root");
define ("DB_PASSWORD", "ragnarok");
define ("DB_NAME", "houseofvbi");
define ("DB_TBL", "users");

?>

Additional:

if($_SERVER["REQUEST_METHOD"] == "POST"){

if(empty($_POST["name"])) {
  $unameErr = "Username is required";
}
else {
  $uname = clean_input($_POST["name"]);
}

if(empty($_POST["pass"])) {
  $pwordErr = "Password is required";
}
else {
  $pword = clean_input($_POST["pass"]);
}

if(empty($_POST["phone"])) {
  $pwordErr = "Please input phone number";
}
else {
  $phone = clean_input($_POST["phone"]);
}

if(empty($_POST["apass"])) {
  $pwordErr = "Please input phone number";
}
else {
  $points = clean_input($_POST["apass"]);
}
}

$check = sql_entry($uname,$pword,$phone,$points);

if($check == 0){

echo "<script type='text/javascript'>alert('The username is already in use.');";
echo "window.location = '#';";
echo "</script>";

}

else

echo "<script type='text/javascript'>alert('Registration is complete. You may log in in the game.');";
echo "window.location = '#';";
echo "</script>";


/* Functions */

function clean_input($login){

$login = trim($login);
$login = stripslashes($login);
$login = htmlspecialchars($login);

return $login;

}
Cyan Hijirikawa
  • 33
  • 4
  • 2
    Possible duplicate of [mysqli\_fetch\_array()/mysqli\_fetch\_assoc()/mysqli\_fetch\_row() expects parameter 1 to be resource or mysqli\_result, boolean given](http://stackoverflow.com/questions/2973202/mysqli-fetch-array-mysqli-fetch-assoc-mysqli-fetch-row-expects-parameter-1) – tkausl Oct 09 '16 at 05:02
  • Its better to add code here instead of URL. Because your URL is not working in my region – devpro Oct 09 '16 at 05:03
  • Phone is integer or string? – devpro Oct 09 '16 at 05:09

1 Answers1

3

In your query:

$verification = "SELECT * FROM ".DB_TBL."WHERE phone =".$clean_phone;

You need to add a space between TABLE NAME and WHERE as:

$verification = "SELECT * FROM ".DB_TBL." WHERE phone =".$clean_phone;

Second, don't know phone no field is string or integer if its string than you need to add single quote around phone no as:

$verification = "SELECT * FROM ".DB_TBL." WHERE phone = '$clean_phone'";
devpro
  • 16,184
  • 3
  • 27
  • 38
  • Thank you, it fixed that, however, it is not adding the $phone variable properly, instead of adding what I input, it inputs another number, which is from 7083281100 -> 2147483647 I have no idea why it is doing that. Thank you for your help. – Cyan Hijirikawa Oct 09 '16 at 05:15
  • @cyan-hijirikawa for phone no u need to check data type in database and increase the length of this field. And don't forgot to accept this answer if its works – devpro Oct 09 '16 at 05:17
  • 1
    @CyanHijirikawa `7083281100` is too large to be an integer; you'll need `bigint`. Take a look at max size for a signed int and I think you'll find something interesting. http://dev.mysql.com/doc/refman/5.7/en/integer-types.html – chris85 Oct 09 '16 at 05:20
  • @devpro, it seems like whenever i use the 7083281100, it automatically converts it to 2147483647, if I use like 1231231231, it enters just fine. The limit for this is already set to 20, and I am inputting 10 numbers only. – Cyan Hijirikawa Oct 09 '16 at 05:21
  • Yes @CyanHijirikawa u need to change your data type. – devpro Oct 09 '16 at 05:22
  • @chris85 thank you, that fixed it. Thank you guys. More power to you.guys. Also devpro, thanks for pointing it out. – Cyan Hijirikawa Oct 09 '16 at 05:22
  • 1
    @CyanHijirikawa An alternative approach would be using a varchar, or text type column. Depending on the allowed numbers you may want that anyway. – chris85 Oct 09 '16 at 05:24
  • @CyanHijirikawa I suggest varchar instead of bigint – devpro Oct 09 '16 at 05:25