
In the code below, dbconnect.php is the file where I have written the code for connecting to the database, and there are no errors in it. I have written this PHP code to add users to a database. My database connectivity is working perfectly. But when I try to select from the tables in my database, which is initially empty, I'm getting the SQLSTATE 42S22. Where am I going wrong? Is there any problem in the mysqli statements? Kindly help me out.

```php
<?php
include('dbconnect.php');
ob_start();
session_start();
if( isset($_SESSION['user'])!="" ){
    header("Location: home.php");
}
  //    include 'dbconnect.php';
  //    require_once 'dbconnect.php';

  //    $con = $_SESSION['db'];

$error = false;
$nameError = $emailError = $passError = $ageError = $genderError = 
$phoneError = $placeError = "";
if ( isset($_POST['btn-signup']) ) {

    // clean user inputs to prevent sql injections
    $name = trim($_POST['name']);
    $name = strip_tags($name);
    $name = htmlspecialchars($name);

    $email = trim($_POST['email']);
    $email = strip_tags($email);
    $email = htmlspecialchars($email);

    $pass = trim($_POST['pass']);
    $pass = strip_tags($pass);
    $pass = htmlspecialchars($pass);

    $age = trim($_POST['age']);
    $age = strip_tags($age);
    $age = htmlspecialchars($age);

    $gender = trim($_POST['gender']);
    $gender = strip_tags($gender);
    $gender = htmlspecialchars($gender);

    $phone = trim($_POST['phone']);
    $phone = strip_tags($phone);
    $phone = htmlspecialchars($phone);

    $place = trim($_POST['place']);
    $place = strip_tags($place);
    $place = htmlspecialchars($place);

    // basic name validation
    if (empty($name)) {
        $error = true;
        $nameError = "Please enter your full name.";
    } else if (strlen($name) < 3) {
        $error = true;
        $nameError = "Name must have at least 3 characters.";
    } else if (!preg_match("/^[a-zA-Z ]+$/",$name)) {
        $error = true;
        $nameError = "Name must contain alphabets and space.";
    }

    //basic email validation
    if ( !filter_var($email,FILTER_VALIDATE_EMAIL) ) {
        $error = true;
        $emailError = "Please enter valid email address.";
    } else {
        // check email exist or not

        $em = $conn->real_escape_string($email);
        $q = "SELECT Email FROM users WHERE Email='$em'";

        $result = $conn->query($q);
        // Here comes the error
        if (!$result) {
            printf("%s",$conn->sqlstate);
            exit();
        }
        // It prints 42S22
        $count = $result->num_rows;
        if($count!=0){
            $error = true;
            $emailError = "Provided Email is already in use.";
        }
    }
    // password validation
    if (empty($pass)){
        $error = true;
        $passError = "Please enter password.";
    } else if(strlen($pass) < 6) {
        $error = true;
        $passError = "Password must have at least 6 characters.";
    }

    if (empty($age)) {
        $error = true;
        $ageError = "Enter your Age";
    }
    if (empty($gender)) {
        $error = true;
        $genderError = "Enter your Department";
    }
    if (empty($place)) {
        $error = true;
        $placeError = "Enter your Place";
    }
    if (empty($phone)) {
        $error = true;
        $phoneError = "Enter your Phone";
    }

    // password encrypt using SHA256();
    $password = hash('sha256', $pass);

    // if there's no error, continue to signup
    if( !$error ) {

        $query = "INSERT INTO users(Name,Email,Password,Age,Gender,Phone,Place) VALUES('$name','$email','$password','$age','$gender','$phone','$place')";
        $res = $conn->query($query);

        if ($res) {
            $errTyp = "success";
            $errMSG = "Successfully registered, you may login now";
            unset($name);
            unset($email);
            unset($pass);
            unset($age);
            unset($gender);
            unset($phone);
            unset($place);
        } else {
            $errTyp = "danger";
            $errMSG = "Something went wrong, try again later...";
        }
    }
}
?>
```

Some HTML code below to get the input.

Please help me solve it.

M. Eriksson
  • `if( isset($_SESSION['user'])!="" ){` that does not do what you think it does! – Qirel Sep 12 '17 at 18:33
  • Please use ***PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)*** to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). ***It is not necessary to [escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Sep 12 '17 at 18:33
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Sep 12 '17 at 18:34
  • One of the columns in your query doesn't exist. – Jay Blanchard Sep 12 '17 at 18:34
  • You've probably written a column name that doesn't exist in the table (remember that those are case sensitive). We can't help you more without seeing the _complete_ error message _and_ your table structure. – M. Eriksson Sep 12 '17 at 18:35
  • There's generally no need to unset all the variables in your script. – M. Eriksson Sep 12 '17 at 18:37
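
The comments above point to prepared statements, `password_hash()` and the full error message. As an added example (not the asker's code and not posted by anyone in the thread), the sketch below applies them to the question's signup flow. The function names and the `$u` array keys are assumptions, the column list is taken from the question's INSERT, and `$conn` is the mysqli object from `dbconnect.php`.

```php
<?php
// Added example, not the asker's code; assumes $conn (mysqli) comes from dbconnect.php.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures now throw

// Return the expected columns the real table lacks (what SQLSTATE 42S22 points at).
function missingUserColumns(mysqli $conn): array
{
    // Assumed schema: the column names used in the question's INSERT.
    $expected = ['Name', 'Email', 'Password', 'Age', 'Gender', 'Phone', 'Place'];
    $actual = [];
    foreach ($conn->query('SHOW COLUMNS FROM users') as $row) {
        $actual[] = $row['Field'];
    }
    // strcasecmp: MySQL matches column names case-insensitively.
    return array_values(array_udiff($expected, $actual, 'strcasecmp'));
}

// Duplicate-email check with a bound parameter instead of string interpolation.
function emailExists(mysqli $conn, string $email): bool
{
    $stmt = $conn->prepare('SELECT 1 FROM users WHERE Email = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();
    return $stmt->num_rows > 0;
}

// Insert one user from raw form values; the password is hashed exactly as typed.
function registerUser(mysqli $conn, array $u): void
{
    $hash = password_hash($u['pass'], PASSWORD_DEFAULT); // store in a VARCHAR(255) column
    $stmt = $conn->prepare('INSERT INTO users (Name, Email, Password, Age, Gender, Phone, Place) '
        . 'VALUES (?, ?, ?, ?, ?, ?, ?)');
    $stmt->bind_param('sssssss', $u['name'], $u['email'], $hash, $u['age'], $u['gender'], $u['phone'], $u['place']);
    $stmt->execute();
}

// Run the signup and log the full server message (errno 1054 is "Unknown column ...").
function trySignup(mysqli $conn, array $u): string
{
    try {
        if (emailExists($conn, $u['email'])) {
            return 'Provided Email is already in use.';
        }
        registerUser($conn, $u);
        return 'Successfully registered, you may login now';
    } catch (mysqli_sql_exception $e) {
        error_log($e->getCode() . ': ' . $e->getMessage());
        return 'Something went wrong, try again later...';
    }
}
```

Calling `missingUserColumns($conn)` once against the real table names the column the 42S22 refers to. With bound parameters the values are stored as typed, so `htmlspecialchars()` belongs where they are later written into HTML rather than before the insert.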
