-1

I am making a guestbook right now and it's not 100% working. I am getting these errors here:

Warning: mysqli_query() expects parameter 1 to be mysqli, string given in C:\MAMP\htdocs\guestbook\addguestbook.php on line 23

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in C:\MAMP\htdocs\guestbook\addguestbook.php on line 24

And here you can see my code:

```php
<?php

ini_set('display_errors', 1);
error_reporting(E_ALL);

$conn = mysqli_connect('localhost', 'root', 'root', 'database');

if (mysqli_connect_errno())
{
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

$name = $_POST['name'];
$email = $_POST['email'];
$comment = $_POST['comment'];

$datetime = date("y-m-d h:i:s"); //date time

$sql = "INSERT INTO guestbook (name, email, comment, datetime)VALUES('$name', '$email', '" . nl2br(htmlspecialchars($comment)) . "', '$datetime')";
$intodatabase = mysqli_query($conn, $sql);

$user_check_query = "SELECT * FROM members WHERE comment='$comment'";
$check = mysqli_query($sql, $user_check_query);
$count = mysqli_num_rows($check);

if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
    if ($count > 0) {
        if ($result) {
            echo "Erfolgreich";
            echo "<br>";
            echo "<a href='viewguestbook.php'>Show</a>";

        } else {
            echo "Connection Error";
        }
        echo "<a href='guestbook.php'>user name already in use</p>";
    }
} else {
    echo "Inkorekte E-Mail";
    echo "<BR>";
    echo "<a href='guestbook.php'>try again</a>";
}

mysqli_close($conn);
?>
```
Kalamarico
PT1602
  • Look for the difference between your two calls to `mysqli_query`. – Don't Panic Mar 04 '19 at 16:34
  • You accidentally used the SQL string from the first query instead of your connection object. – Don't Panic Mar 04 '19 at 16:36
  • Thanks for your quick answer, now I am getting: "Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\MAMP\htdocs\guestbook\addguestbook.php on line 24" – PT1602 Mar 04 '19 at 16:40
  • If you get a boolean it means your query failed. You should set your mysqli connection up to throw exceptions on SQL errors so you can see why. – Don't Panic Mar 04 '19 at 16:41
  • Like this: https://stackoverflow.com/questions/22662488/how-to-get-mysqli-error-information-in-different-environments – Don't Panic Mar 04 '19 at 16:41
  • Perfect, thank you a lot, dude! – PT1602 Mar 04 '19 at 16:48
  • You're welcome! Also, you should bind those post values as parameters to prepared statements. The way you're concatenating them with the SQL string is vulnerable to SQL injection. Here's an example from the manual: http://php.net/manual/en/mysqli-stmt.execute.php#refsect1-mysqli-stmt.execute-examples – Don't Panic Mar 04 '19 at 16:56
  • OK, I will take a look at that. Thank you! – PT1602 Mar 04 '19 at 17:05

1 Answer

0

You are passing your $sql variable into your mysqli_query() function when you are supposed to be passing $intodatabase.
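
An added example, not part of the original question or answer: the guestbook insert with the connection object passed to every database call, mysqli set to throw exceptions, and the POST values bound as prepared-statement parameters, as the comments above recommend. The function name `add_entry`, running the duplicate check against `guestbook` before the insert, and storing the raw comment (escaping it on display instead) are assumptions; the table and column names are taken from the question.

```php
<?php
// Added example. Assumes the 'guestbook' table and columns shown in the question.
// Make mysqli throw mysqli_sql_exception instead of returning false on errors.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// add_entry() is a hypothetical helper; it returns a short status string.
function add_entry(mysqli $conn, string $name, string $email, string $comment): string
{
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return 'invalid-email';
    }

    // Duplicate check (assumed intent): the value is bound, never concatenated.
    $check = $conn->prepare('SELECT 1 FROM guestbook WHERE comment = ? LIMIT 1');
    $check->bind_param('s', $comment);
    $check->execute();
    $check->store_result();            // buffer rows so num_rows is populated
    $exists = $check->num_rows > 0;
    $check->close();
    if ($exists) {
        return 'duplicate';
    }

    // Store the raw text; apply htmlspecialchars()/nl2br() when rendering it.
    $datetime = date('Y-m-d H:i:s');   // four-digit year, 24-hour clock
    $insert = $conn->prepare(
        'INSERT INTO guestbook (name, email, comment, datetime) VALUES (?, ?, ?, ?)'
    );
    $insert->bind_param('ssss', $name, $email, $comment, $datetime);
    $insert->execute();
    $insert->close();
    return 'ok';
}

try {
    $conn = new mysqli('localhost', 'root', 'root', 'database');
    $conn->set_charset('utf8mb4');
    $status = add_entry($conn, $_POST['name'] ?? '', $_POST['email'] ?? '', $_POST['comment'] ?? '');
    echo htmlspecialchars($status, ENT_QUOTES, 'UTF-8');
    $conn->close();
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());       // details go to the log, not the page
    http_response_code(500);
    echo 'Database error';
}
```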