Mysqli Real Escape String() Problems.

[Rache]

Hello, I'm new to PHP/MySQL. I am trying to create a website, been having a lot of problems, gone through 3 books (two of which were for dummies...and they didn't help much either lol). But when i came to the "PHP and MySQL For Dynamic Web Sites - Second Edition", i started to get some progress, but i kept getting error messages with the "An error occurred in script 'C:\xampp\htdocs\register.php' on line 20: mysqli_real_escape_string() expects parameter 1 to be mysqli, resource given". Now i don't know what it means when this error message comes on, let alone what to do to fix it. I have downloaded the codes from the third edition, and i got the same message. In one of the for dummies books, the author mentioned turning off the magic_quotes, in which case i did turn them off, but the code she had looked fine, but didn't work. I don't know if I should turn them back on? or not? but I need help with the PHP/MySQL codes. At the moment i am using the apache server (will be moving to a hosting service once it is finished, which will hopefully be soon.) But I am looking for someone who can help me throughout this entire process. I have tried to find other Forums over the internet for help, either they are not active or i don't get the help, answers, or advice that i need. Thank you in advance. Please reply soon.

[Jonathon]

Hello Rache, what is your code?

[Rache]

Hello Rache, what is your code?

At the moment i am using his code, i am trying to test it out, and if it works, shape it to my applications needs. Which code are you asking for? the page it says the error its on?

[Rache]

Its the third eddition one for the user registration.

[Jonathon]

The code you're using in your script

[Rache]

<?php # Script 16.6 - register.php

// This is the registration page for the site.

require_once ('config.inc.php');

$page_title = 'Register';

include ('header.html');

if (isset($_POST['submitted'])) { // Handle the form.

require_once ('mysql_connect.php');

 

// Trim all the incoming data:

$trimmed = array_map('trim', $_POST);

 

// Assume invalid values:

$fn = $ln = $e = $p = FALSE;

 

// Check for a first name:

if (preg_match ('/^[A-Z \'.-]{2,20}$/i', $trimmed['first_name'])) {

$fn = mysqli_real_escape_string ($dbc, $trimmed['first_name']);

} else {

echo '<p class="error">Please enter your first name!</p>';

}

 

// Check for a last name:

if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $trimmed['last_name'])) {

$ln = mysqli_real_escape_string ($dbc, $trimmed['last_name']);

} else {

echo '<p class="error">Please enter your last name!</p>';

}

 

// Check for an email address:

if (preg_match ('/^[\w.-]+@[\w.-]+\.[A-Za-z]{2,6}$/', $trimmed['email'])) {

$e = mysqli_real_escape_string ($dbc, $trimmed['email']);

} else {

echo '<p class="error">Please enter a valid email address!</p>';

}

// Check for a password and match against the confirmed password:

if (preg_match ('/^\w{4,20}$/', $trimmed['password1']) ) {

if ($trimmed['password1'] == $trimmed['password2']) {

$p = mysqli_real_escape_string ($dbc, $trimmed['password1']);

} else {

echo '<p class="error">Your password did not match the confirmed password!</p>';

}

} else {

echo '<p class="error">Please enter a valid password!</p>';

}

 

if ($fn && $ln && $e && $p) { // If everything's OK...

// Make sure the email address is available:

$q = "SELECT user_id FROM users WHERE email='$e'";

$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

 

if (mysqli_num_rows($r) == 0) { // Available.

 

// Create the activation code:

$a = md5(uniqid(rand(), true));

 

// Add the user to the database:

$q = "INSERT INTO users (email, pass, first_name, last_name, active, registration_date) VALUES ('$e', SHA1('$p'), '$fn', '$ln', '$a', NOW() )";

$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.

 

// Send the email:

$body = "Thank you for registering at <whatever site>. To activate your account, please click on this link:\n\n";

$body .= BASE_URL . 'activate.php?x=' . urlencode($e) . "&y=$a";

mail($trimmed['email'], 'Registration Confirmation', $body, 'From: admin@sitename.com');

 

// Finish the page:

echo '<h3>Thank you for registering! A confirmation email has been sent to your address. Please click on the link in that email in order to activate your account.</h3>';

include ('includes/footer.html'); // Include the HTML footer.

exit(); // Stop the page.

 

} else { // If it did not run OK.

echo '<p class="error">You could not be registered due to a system error. We apologize for any inconvenience.</p>';

}

 

} else { // The email address is not available.

echo '<p class="error">That email address has already been registered. If you have forgotten your password, use the link at right to have your password sent to you.</p>';

}

 

} else { // If one of the data tests failed.

echo '<p class="error">Please re-enter your passwords and try again.</p>';

}

mysqli_close($dbc);

} // End of the main Submit conditional.

?>

 

<h1>Register</h1>

<form action="register.php" method="post">

<fieldset>

 

<p><b>First Name:</b> <input type="text" name="first_name" size="20" maxlength="20" value="<?php if (isset($trimmed['first_name'])) echo $trimmed['first_name']; ?>" /></p>

 

<p><b>Last Name:</b> <input type="text" name="last_name" size="20" maxlength="40" value="<?php if (isset($trimmed['last_name'])) echo $trimmed['last_name']; ?>" /></p>

 

<p><b>Email Address:</b> <input type="text" name="email" size="30" maxlength="80" value="<?php if (isset($trimmed['email'])) echo $trimmed['email']; ?>" /> </p>

 

<p><b>Password:</b> <input type="password" name="password1" size="20" maxlength="20" /> <small>Use only letters, numbers, and the underscore. Must be between 4 and 20 characters long.</small></p>

 

<p><b>Confirm Password:</b> <input type="password" name="password2" size="20" maxlength="20" /></p>

</fieldset>

 

<div align="center"><input type="submit" name="submit" value="Register" /></div>

<input type="hidden" name="submitted" value="TRUE" />

</form>

<?php // Include the HTML footer.

include ('footer.html');

?>

[Rache]

i hope this is the code you were talking about

[Jonathon]

It is yes, but you have a separate config file, can you post that code please?

[Rache]

<?php # Script 16.3 - config.inc.php

/* This script:

* - define constants and settings

* - dictates how errors are handled

* - defines useful functions

*/

 

// Document who created this site, when, why, etc.

 

// ********************************** //

// ************ SETTINGS ************ //

// Flag variable for site status:

define('LIVE', FALSE);

// Admin contact address:

define('EMAIL', 'InsertRealAddressHere');

// Site URL (base for all redirections):

define ('BASE_URL', 'http://www.example.com/');

// Location of the MySQL connection script:

define ('MYSQL', '/path/to/mysqli_connect.php');

// Adjust the time zone for PHP 5.1 and greater:

date_default_timezone_set ('US/Eastern');

// ************ SETTINGS ************ //

// ********************************** //

 

// ****************************************** //

// ************ ERROR MANAGEMENT ************ //

// Create the error handler:

function my_error_handler ($e_number, $e_message, $e_file, $e_line, $e_vars) {

// Build the error message.

$message = "<p>An error occurred in script '$e_file' on line $e_line: $e_message\n<br />";

 

// Add the date and time:

$message .= "Date/Time: " . date('n-j-Y H:i:s') . "\n<br />";

 

// Append $e_vars to the $message:

$message .= "<pre>" . print_r ($e_vars, 1) . "</pre>\n</p>";

 

if (!LIVE) { // Development (print the error).

 

echo '<div class="error">' . $message . '</div><br />';

 

} else { // Don't show the error:

 

// Send an email to the admin:

mail(EMAIL, 'Site Error!', $message, 'From: email@example.com');

 

// Only print an error message if the error isn't a notice:

if ($e_number != E_NOTICE) {

echo '<div class="error">A system error occurred. We apologize for the inconvenience.</div><br />';

}

} // End of !LIVE IF.

} // End of my_error_handler() definition.

// Use my error handler.

set_error_handler ('my_error_handler');

// ************ ERROR MANAGEMENT ************ //

// ****************************************** //

?>

[Rache]

thats the config.inc.php , appearently i have another just config.php, but thats just simple database information, like the variable names and the actual connection code.

[Jonathon]

Sorry this is my fault, the mysqli script for your connection - apologies

[Rache]

<?php

$dbhost = 'localhost';

$dbuser = 'admin';

$dbpass = '';

$dbname = 'memberdirectory';

$dbc = mysql_connect ($dbhost, $dbuser, $dbpass, $dbname)

or die ("Couldn't connect to database.");

?>

[Rache]

thats ok I didn't get enough sleep last night so i may be a little slow in understanding some things, forewarning you lol.

[Jonathon]

You're using mysql to connect to the database but then trying to use mysqli_real_escpae_string()

[Rache]

ok let me change it real quik and i'll let you now what happens

[Rache]

is there any other places i need to change it?

[Jonathon]

I didn't check all the code, but if you change

$dbc = mysql_connect ($dbhost, $dbuser, $dbpass, $dbname)

 

$dbc = mysqli_connect ($dbhost, $dbuser, $dbpass, $dbname)

 

 

 

You should stop that error.

[Rache]

ok i changed it but the message is still there.

[Jonathon]

Ok,

 

inside register try this

 

<?php # Script 16.6 - register.php
// This is the registration page for the site.
require_once ('config.inc.php');
$page_title = 'Register';
include ('header.html');
if (isset($_POST['submitted'])) { // Handle the form.
require_once ('mysql_connect.php');

if ($dbc) {
echo 'Connected';
} else {
echo 'Not Connected';
}

 

 

 

Does it say you're connected or not connected

[Rache]

ok after checking it, there was a couple of errors that i saw, one was the 'pass', in the db it was set as 'password' and i changed that, then it said "MySQL Error: Unknown column 'active' in 'field list'" now i dont have the book here in my hands (the library didnt have it there) so i dont know how the database is supposed to look. that may be another problem. how is the database supposed to look like? the table columns

[Jonathon]

Well you can just check your own DB to see what columns are in your table. If it's not in there either add it to the table or just remove 'active' from the mysqli_query

[Rache]

ok i got rid of it from the query, but if i DO want to have my users "activate" their account how do i set up that field in the table? i know the field name is "active", but what is the 'type' varchar? int?

[Jonathon]

It's a 32 character long VARCHAR looking at the code

[Rache]

ok ty for that. the error now reads "An error occurred in script 'C:\xampp\htdocs\register.php' on line 70: mail() [function.mail]: Failed to connect to mailserver at "localhost" port 25, verify your "SMTP" and "smtp_port" setting in php.ini or use ini_set()" and i have no idea what those files are, let alone where they are. i have heard of them before but never could understand them, in what they do, or how to make them(if they aren't made already).

[Jonathon]

Basically you haven't got the mail server set up for XAMPP You can set it up here using this link http://roshanbh.com.np/2007/12/sending-e-mail-from-localhost-in-php-in-windows-environment.html

 

But if you just comment out the mail() line and check the script works.