0

I am a very new Beginner In PHP I am getting SQL Error and not Accessing into Database Can someone point me in the right direction where I am Going Wrong In
My Code. How Should I remove

non-object error

getting errors in these two lines

if( $result->num_rows !== 0 ) 
   ..........// }
$result->free();

thanks in advance.

<?php

if ( !empty( $_POST['submit'] ) ) {
    if ( empty( $_POST['user_name'] ) || empty( $_POST['email'] ) || empty( $_POST['password'] ) || empty( $_POST['re_password'] ) ) {
        exit( "please fill all the form field.<a href='./form.php'>return</a>" );
    }
    if ( $_POST['password'] !== $_POST['re_password'] ) {
        exit( "please check your password.<a href='./form.php'>return</a>" );
    }
    $pattern = "/^\w+((-\w+)|(\.\w+))*\@[A-Za-z0-9]+((\.|-)[A-Za-z0-9]+)*\.[A-Za-z0-9]+$/";
    if ( !preg_match( $pattern, $_POST['email'] ) ) {
        exit("please use a valid email address.<a href='./form.php'>return</a>");
    }
    $pattern = "/^.{6,20}$/";
    if ( !preg_match( $pattern, $_POST['password'] ) ) {
        exit( "password should contain atleast 8 characters and no more 20 characters.<a href='./form.php'>return</a>" );
    }
    $user_name = addslashes( $_POST['user_name'] );
    $email = addslashes( $_POST['email'] );
    $password = addslashes( $_POST['password'] );
    require_once( "./connect.php" );
    $sql = "SELECT * FROM 'user' WHERE 'email'='{$email}'";
    $result = $db->query($sql);
    if ( $db->connect_error ) {
        exit( "SQL error.<a href='./form.php'>return</a>" );
    }
    if ( $result->num_rows !== 0 ) {
        exit( "please use another email address.<a href='./form.php'>return</a>" );
    }
    $result->free();
    $password = md5( $password );
    $sql = "INSERT INTO 'user' SET 'user_name'='{$user_name}', 'email'='{$email}', 'password'='{$password}'";
    $result = $db->query( $sql );
    if ( $result === true ) {
        echo "registration successful.<br/>";
    } else {
        echo "registration failed.<br/>";
    }
    $db->close();
   }
   ?>
   <form action="" method="POST">
     Username: <input type="text" name="user_name" value=""/><br/>
    Email-Address: <input type="text" name="email" value=""/><br/>
    Password: <input type="password" name="password" value=""/><br/>
    Re-Enter Password: <input type="password" name="re_password" value=""/> 
    <br/>
    <input type="submit" name="submit" value="submit"/> 
  </form>



   <!--  code of connect file to Database-->

  <?php
     $db = new mysqli( "localhost", "root", "", "registration" );
      if ( $db->connect_error ) {
      printf("Connect failed: %s\n", $db->connect_error);
      exit();
   }
 ?>
Alive to die - Anant
  • 70,531
  • 10
  • 51
  • 98
Asiya Fatima
  • 1,388
  • 1
  • 10
  • 20
  • Your error is pretty clear – executable Oct 12 '18 at 12:14
  • You're using mysqli already, so use prepared statements, or at the bare minimum use `mysqli_real_escape_string` functions, `addslashes` is not secure. – Jonnix Oct 12 '18 at 12:16
  • $result isn't an object, check out this page: http://php.net/manual/en/mysqli.query.php and this one http://php.net/manual/en/mysqli-result.fetch-object.php – Adam Oct 12 '18 at 12:17
  • He's not asking that at all Jon? Though security is an issue with his script and the OP should look into that too – Adam Oct 12 '18 at 12:18
  • @Dammeul So..? I never said it was an answer to his question. That's why it's a comment and not an answer. – Jonnix Oct 12 '18 at 12:28
  • Can you post the full error message than just 'non-object error'. – Kebab Programmer Oct 12 '18 at 14:15
  • Thanks, @JonStirling I found that its an issue with the backtick. Everything seems to be ok with the only I found it was a backtick point in the query. – Asiya Fatima Oct 12 '18 at 15:03

0 Answers0