[RESOLVED] mysqli_query error

finisher1017

I am recieving the following error when submitting a user registration form.

Warning: mysqli_query() expects parameter 1 to be mysqli, string given

Below is the code I'm using.

$new_user=$POST['username'];
$new_pass=$POST['password'];
$conf_new_pass=$POST['confirm_password'];
$new_lastname=$POST['lastname'];
$new_firstname=$POST['firstname'];
$new_street=$POST['street'];
$new_city=$POST['city'];
$new_state=$POST['state'];
$new_zip=$POST['zip'];
$new_email=$POST['email'];
$new_phone=$POST['phone'];
$new_fax=$POST['fax'];

//form to process user registration
$sql = "INSERT INTO members (loginName, password, lastName, firstName)
VALUES ('$new_user','$new_pass', '$new_lastname', '$new_firstname')";

//if (!mysqli_query($sql,$cxn))
//{
//die('Error: ' . mysqli_error($sql));
//}

if (empty($new_user)) { echo "username required"; exit;}
if (empty($new_pass)) { echo "password required"; exit;}
if (empty($new_email)) { echo "email required"; exit;}
if (!filter_var($new_email , FILTER_VALIDATE_EMAIL)) {
echo "Invalid Email"; exit;
}
if ($new_pass != $conf_new_pass) { echo "passwords don't match"; exit;}

else { mysqli_query($sql, $cxn); }

mysqli_close($cxn)

Weedpacket

mysqli_query($sql, $cxn);

You've got your arguments back to front (see [man]mysqli_query[/man]).

bradgrafelman

In addition, note that user-supplied data should never be placed directly into a SQL query string, else your code will be vulnerable to SQL injection attacks and/or just plain SQL errors. Instead, you must first sanitize the data such as with a function like [man]mysqli_real_escape_string/man (for string data) or use prepared statements.

finisher1017

It works now! Thanks.