-2

im currently have 2 problems. The undefined variable and mysqli_real_escape_string

These are the notice and warning:

Notice: Undefined variable: con in C:\xampp\htdocs\ngab\login.php on line 14

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in C:\xampp\htdocs\ngab\login.php on line 14

Notice: Undefined variable: con in C:\xampp\htdocs\ngab\login.php on line 16

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in C:\xampp\htdocs\ngab\login.php on line 16

Notice: Undefined variable: con in C:\xampp\htdocs\ngab\login.php on line 18

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in C:\xampp\htdocs\ngab\login.php on line 18

Notice: Undefined variable: con in C:\xampp\htdocs\ngab\login.php on line 21

Warning: mysqli_query() expects parameter 1 to be mysqli, null given in C:\xampp\htdocs\ngab\login.php on line 21

These are my codes:

<!DOCTYPE html>
   <html>
    <head>
    <meta charset="utf-8">
    <title>Login</title>
    <link rel="stylesheet" href="css/style.css" />
    </head>
    <body>
     <?php
     require('db.php');
     session_start();
     if (isset($_POST['username'])){
        $user_ID = stripslashes($_REQUEST['user_ID']);
         $user_ID = mysqli_real_escape_string($con,$user_ID);
         $username = stripslashes($_REQUEST['username']);
         $username = mysqli_real_escape_string($con,$username);
$password = stripslashes($_REQUEST['password']);
$password = mysqli_real_escape_string($con,$password);
    $query = "SELECT * FROM `teacher_table` WHERE user_ID='$user_ID' 
    and username='$username' and password='".md5($password)."'";
$result = mysqli_query($con,$query) or die(mysql_error());
$rows = mysqli_num_rows($result);
    if($rows==1){
    $_SESSION['username'] = $username;
    header("Location: home.php");
     }else{
echo "<div class='form'>
   <h3>User ID/username/password is incorrect.</h3>
    <br/>Click here to <a href='login.php'>Login</a></div>";
}
}else{
   ?>
     <div class="form">
   <h1>Log In</h1>
    <form action="" method="post" name="login">
   <input type="text" name="user_ID" placeholder="User ID" required />
    <input type="text" name="username" placeholder="Username" required />
    <input type="password" name="password" placeholder="Password" required />
    <input name="submit" type="submit" value="Login" />
     </form>
    <p>Not registered yet? <a href='registration.php'>Register Here</a></p>
     </div>
     <?php } ?>
     </body>
     </html>

And this is the db.php is:

    <?php
     $connect=mysql_connect("localhost","root","");
     if(!$connect)
     {
       echo "Error".mysql_error();
        }
       $db=mysql_select_db("attendance_db");
       if(!$db)
        {
           echo "Error".mysql_error();
           }
          ?>

Thanks. I would like to know whats wrong and how to fix it?

Haniff
  • 23
  • 2
  • 9

1 Answers1

1

Your line looks like copied from some code some were else $user_ID = mysqli_real_escape_string($con,$user_ID); $con is your database connection and right now $con is not defined its giving a NULL and mysqli doesnt understand.

You are also using mysql_connect and that is not correct. You cannot use mysqliand mysql they are 2 different things. I would learn mysqli over mysql because mysql will be no longer used soon. Mysqli_connect();

$mysqli = new mysqli($host, $user, $pass, $db);
if($mysqli->connect_error) die('Connect Error (' . mysqli_connect_errno() . ') '. mysqli_connect_error());
//this will connect to database with mysqli if not it will stop and post error

Your code $result = mysqli_query($con,$query) or die(mysql_error()); $rows = mysqli_num_rows($result); has too many problems between mysql and mysqli

Please Look Here And Choose 1, but do not intermix different MySQL APIs.

http://php.net/manual/en/book.mysqli.php (preferred)

http://php.net/manual/en/book.mysql.php (deprecated and deleted as of PHP 7)

Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
DarkSideKillaz
  • 138
  • 6