-1

need php help. getting the error message when attempting to connect to mysql database.. below is my source code around line 39 that its complaining about:

    // checks username does not exist
    public function checkUsername($username) {
         $sql = "SELECT username FROM Registration WHERE username = '$username'";
         $this->result = mysqli_query($this->conn, $sql);
         if (mysqli_num_rows($this->result <= 0) {
              return false;
         }     
         return true;
tdelios
  • 1
  • 1
    Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use prepared statements with bound parameters, via either the [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prep ared-statements.php) drivers. [**This post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has some good examp les. – Alex Howansky Nov 09 '17 at 18:30

1 Answers1

0

You are missing a bracket on the end of the file, which closes the function. You are also missing one here: if (mysqli_num_rows($this->result <= 0) {

Change your code to this:

public function checkUsername($username) {
         $sql = "SELECT username FROM Registration WHERE username = '$username'";
         $this->result = mysqli_query($this->conn, $sql);
         if (mysqli_num_rows($this->result ) <= 0 ) {
              return false;
         }     
         return true;

}

Use a syntax checker like this one next time: https://phpcodechecker.com/

Jesse Schokker
  • 896
  • 7
  • 19