Menu
Fatal error: Uncaught Error: Call to undefined function mysql_escape_string() in C:\xampp\htdocs\phoenixproject\register.php:16 Stack trace: #0 {main} thrown in C:\xampp\htdocs\phoenixproject\register.php on line 16
How to fix this?
<?php
require("config.php");
?>
<?php
if(isset($_POST['submit'])){
$email1 = $_POST['email1'];
$email2 = $_POST['email2'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
if($email1 == $email2) {
if($pass1 == $pass2) {
//All good. Nastavi broo.
$name = mysql_escape_string($_POST['name']);
$lname = mysql_escape_string($_POST['lname']);
$uname = mysql_escape_string($_POST['uname']);
$email1 = mysql_escape_string($email1);
$email2 = mysql_escape_string($email2);
$pass1 = mysql_escape_string($pass1);
$pass2 = mysql_escape_string($pass2);
mysql_query("INSERT INTO `users` (`id`, `name`, `lname`, `uname`, `email`, `pass`) VALUES (NULL, '$name', '$lname', '$uname', '$email1', '$pass1')") or die (mysql_error());
}else{
echo "Sorry, your password is not corrext.";
exit();
}
}else{
echo "Sorry!";
}
} // brace for submit conditional
$form = <<<EOT
<form action="register.php" method="POST">
First Name: <input type="text" name="name" /></br>
Last Name: <input type="text" name="lname" /></br>
Username: <input type="text" name="uname" /></br>
Email: <input type="text" name="email1" /></br>
Confirm Email: <input type="text" name="email2" /></br>
Password: <input type="password" name="pass1" /></br>
Confirm Password: <input type="password" name="pass2" /></br>
<input type="submit" value="Register" name="submit" />
</form>
EOT;
echo $form;
?>
Well I know that I was try to mix mysql and mysqli....
966
If you get an error like Fatal error: Call to undefined function mysql_connect() when trying to install GFI HelpDesk, it probably means that MySQL support has not been enabled for PHP on your server (that is, the PHP module php-mysql has not been installed).
When an exception is thrown, the code following it will not be executed, and PHP will try to find the matching "catch" block. If an exception is not caught, a fatal error will be issued with an "Uncaught Exception" message.
mysql_real_escape_string() and prepared statements need a connection to the database so that they can escape the string using the appropriate character set - otherwise SQL injection attacks are still possible using multi-byte characters.
To help you out here... (too long for a comment)
Your require("config.php"); should contain the following:
Sidenote: Use the proper settings for your host.
$link = mysqli_connect("localhost", "username", "mpassword", "database") or die($link);
Then changing your escape functions to use the mysqli_ version of it and passing the connection parameter to it:
$name = mysqli_real_escape_string($link, $_POST['name']);
$lname = mysqli_real_escape_string($link, $_POST['lname']);
$uname = mysqli_real_escape_string($link, $_POST['uname']);
$email1 = mysqli_real_escape_string($link, $email1);
$email2 = mysqli_real_escape_string($link, $email2);
$pass1 = mysqli_real_escape_string($link, $pass1);
$pass2 = mysqli_real_escape_string($link, $pass2);
Again, same thing for the query. Using the i version and passing connection to it as the first parameter.
mysqli_query($link, "INSERT INTO ...
Check for errors on your query using mysqli_error($link);
So you could modify the query to read as
$query = mysqli_query($link, "INSERT INTO ...
and doing
if(!$query){
echo "Error: " . mysqli_error($link);
}
Also read the following on Stack in regards to API mixing:
mysql_ with mysqli_ or PDO etc. do NOT intermix together. You must use the same one from connecting to querying.Footnotes.
Passwords
I also noticed that you may be storing passwords in plain text. This is not recommended. If you intend on going LIVE with this at some point, do NOT store passwords as plain text in your database.
Consult the following.
crypt()bcrypt()scrypt()password_hash() function.Other links:
150
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
