-2

I'm still a little new to using php and mysqli, but with this code I've come across several different errors and each time I fix one, another pops up. At first I thought it was because I was using an outdated system but soon realized that some of the code I was using was actually from an older version... I have searched and searched but the only problem that it's giving me is the use of -> for some reason, is there maybe an alternative? Or am I just going crazy...

I have tried updating my server, changed the mysql to mysqli, updated PHP to the current one, searched all over the web and YouTube to see how others did it and what errors they encountered.

if (isset($_POST['submit'])) {
include_once 'dbh.inc.php';
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);

$mysqli = new mysqli ('localhost', 'root', '', 'jordansworld');

if( $mysqli ->connect_error ) {
    die( 'Connect Error: ' . $mysqli->connect_errno . ': ' . $mysqli->connect_error );
}

$mysqli = "INSERT INTO user ( first, last, email, uid, pwd ) VALUES ( '{$mysqli->real_escape_string($_POST['first'])}' , ' {$mysqli->real_escape_string($_POST['last'])}' , '{$mysqli->real_escape_string($_POST['email'])}' , '{$mysqli->real_escape_string($_POST['uid'])}' , '{$mysqli->real_escape_string($_POST['pwd'])}'";
$insert = $mysqli->query($mysqli);

if ($insert) {
echo "Success! Row ID: {$mysqli->insert_id}";
} 
else 
{
die("Error: [$mysqli::errno] : [$mysqli::error]");
}
$mysqli->close();
}
/* Error Handlers */
/* Check empty fields */
if(empty($first) || empty($last)|| empty($email)|| empty($uid)|| 
empty($pwd)) 
{
header ("Location: ../signup.php?signup=empty");
exit();
}   
else 
 {
//Insert the user into the database
$mysqli = "INSERT INTO `users` (user_first, user_last, user_email, 
user_uid, user_pwd) VALUES ('$first' '$last', '$email', '$uid', 
'$pwd');";
            mysqli_query($conn, $mysqli);
            header("Location: ../signup.php?signup=success");
            exit();
}

Expected it to add the data to phpMyAdmin. Will pull data from database, such as logging in, but will not add the data.

Error Message: Fatal error: Uncaught Error: Call to a member function query() on string in C:\xampp\htdocs\myfiles\Visual Studio Code JavaScript\PHP Blog Code\includes\signup.inc.php:18 Stack trace: #0 {main} thrown in C:\xampp\htdocs\myfiles\Visual Studio Code JavaScript\PHP Blog Code\includes\signup.inc.php on line 18

Temani Afif
faithkomo
  • You're re-assigning a string to `$mysqli` on the line with `$mysqli = "INSERT INTO ...`. Try using a different variable, `$sql` or `$query` are popular choices – Phil Jun 07 '19 at 04:28
  • Also, use parameter binding instead of trying to inject parameters directly in your query. See https://www.php.net/manual/mysqli.quickstart.prepared-statements.php – Phil Jun 07 '19 at 04:30
  • You appear to already have a connection in `$conn` (presumably from `dbh.inc.php`) so I'm not sure why you're creating a new one with `$mysqli` – Phil Jun 07 '19 at 04:31

1 Answer

0

You're initially using the variable $mysqli for the MySQLi database connection instantiation, but later overriding it with the string representing the query itself:

$mysqli = new mysqli ('localhost', 'root', '', 'jordansworld');
$mysqli = "INSERT INTO user ( first, last, email, uid, pwd )

Naturally, your string doesn't contain a method called query().

To resolve this, simply replace this second declaration with a new variable name, like $query, and then reference this inside ->query() as follows:

$query = "INSERT INTO user ( first, last, email, uid, pwd ) VALUES ( '{$mysqli->real_escape_string($_POST['first'])}' , '{$mysqli->real_escape_string($_POST['last'])}' , '{$mysqli->real_escape_string($_POST['email'])}' , '{$mysqli->real_escape_string($_POST['uid'])}' , '{$mysqli->real_escape_string($_POST['pwd'])}' )";
$insert = $mysqli->query($query);

Note, however, that mysqli_real_escape_string() is not sufficient to prevent SQL injection, and instead you should really swap to using prepared statements.

Obsidian Age
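The prepared-statement approach recommended in the comments and in the answer, written out as an added example (not code from the question or the answer). It assumes the `users` table and `user_*` columns from the question's second INSERT and a UNIQUE index on `user_uid`; the `registerUser` helper, the `email` and `taken` redirect values, and the password hashing step are additions for illustration.

```php
<?php
// Added example: signup insert with bound parameters instead of escaping.
// Assumptions: `users` table / user_* columns as in the question's second
// INSERT, and a UNIQUE index on user_uid (not confirmed by the page).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw

function registerUser(mysqli $conn, array $post): string
{
    // Validate first, so nothing reaches the database on bad input.
    $in = [];
    foreach (['first', 'last', 'email', 'uid', 'pwd'] as $f) {
        $in[$f] = is_string($post[$f] ?? null) ? $post[$f] : '';
        if (trim($in[$f]) === '') {
            return 'empty';
        }
    }
    if (filter_var($in['email'], FILTER_VALIDATE_EMAIL) === false) {
        return 'email'; // hypothetical status value
    }

    // Store a salted hash, never the raw password.
    $hash = password_hash($in['pwd'], PASSWORD_DEFAULT);

    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $conn->prepare(
        'INSERT INTO `users`
           (user_first, user_last, user_email, user_uid, user_pwd)
         VALUES (?, ?, ?, ?, ?)'
    );
    $stmt->bind_param('sssss', $in['first'], $in['last'],
                      $in['email'], $in['uid'], $hash);
    try {
        $stmt->execute();
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() === 1062) { // MySQL duplicate-key error
            return 'taken';           // hypothetical status value
        }
        throw $e;
    } finally {
        $stmt->close();
    }
    return 'success';
}

if (isset($_POST['submit'])) {
    $conn = new mysqli('localhost', 'root', '', 'jordansworld'); // as on the page
    $conn->set_charset('utf8mb4');
    $status = registerUser($conn, $_POST);
    $conn->close();
    header('Location: ../signup.php?signup=' . $status);
    exit();
}
```

The connection object and the SQL text live in separate variables here, so the "Call to a member function query() on string" error from the question cannot recur.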