[RESOLVED] Problem with mysqli_real_escape_string

Awestruck

In my registration page When I try to register a new person with the registration page I get this Notice/Warning message:

// Create a connection to the logindb database. // Set the encoding and the access details as constants: DEFINE ('DB_USER', 'william'); DEFINE ('DB_PASSWORD', 'kat0nlap'); DEFINE ('DB_HOST', 'localhost'); DEFINE ('DB_NAME', 'logindb'); // Make the connection: $dbcon = new mysqli('DB_HOST', 'DB_USER', 'DB_PASSWORD', 'DB_NAME'); // Set the encoding...optional but recommended mysqli_set_charset($dbcon, 'utf8');

Notice: Undefined variable: dbcon in C:\xampp\htdocs\login\register-page.php on line 36

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in C:\xampp\htdocs\login\register-page.php on line 36

The notice/warning is repeated for each element where mysqli_real_escape_string is used.

The relevant first section of the registration page is as follows:

<!doctype html>
<html lang=en>
<head>
<title>Register page</title>
<meta charset=utf-8>
<link rel="stylesheet" type="text/css" href="styles.css">
<style type="text/css">
p.error { color:red; font-size:105%; font-weight:bold; text-align:center; }
</style>
</head>
<body>
<div id="container">
<header>
<?php include("register-header.php"); ?>
</header>
<nav>
<?php include("nav.php"); ?>
</nav>
<aside>
<?php include("info-col.php"); ?>
</aside>
<div id="content">
<p>
<?php
// This script performs an INSERT query that adds a record to the users table.
// If the form was filled out the PHP code is executed
if ($SERVER['REQUEST_METHOD'] == 'POST') {
try { // moved here for escape_strings
require ('mysqli_connect.php'); // moved for require escape strings
$errors = array(); // Initialize an error array.
// --------------------Validate first name-------------
// Was the first name entered?
if (empty($POST['fname'])) {
$errors[] = 'You did not enter your first name.';
}
else { $fn = mysqli_real_escape_string($dbcon, trim($_POST['fname']));
}

Weedpacket

When posting code, please use the code formatting tags to format your post to make it easier to read.

The error messages are saying that [font=monospace]$dbcon[/font] is not defined. Check that.

Awestruck

Hello Weedpacket

Many thanks for your prompt reply.

The $dbcon is defined, and this is what is so frustrating.

It is defined in the file named mysqli_connect.php which contains the following code:

// Create a connection to the logindb database.
// Set the encoding and the access details as constants:
DEFINE ('DB_USER', 'william');
DEFINE ('DB_PASSWORD', 'kat0nlap');
DEFINE ('DB_HOST', 'localhost');
DEFINE ('DB_NAME', 'logindb');
// Make the connection:
$dbcon = new mysqli('DB_HOST', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
// Set the encoding...optional but recommended
mysqli_set_charset($dbcon, 'utf8');

The file is then invoked in the registration page in the line:

// This script performs an INSERT query that adds a record to the users table.
// If the form was filled out the PHP code is executed
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
try { // moved here for escape_strings
require ('mysqli_connect.php'); // moved for require escape strings

Best wishes
Awestruck

NogDog

Is the definition working?

// Make the connection:
$dbcon = new mysqli('DB_HOST', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
// did it work?
if($dbcon == false){
    die("DB connection failed: ".mysqli_connect_error());
}

You could make more user-friendly error-reporting, but this will at least let you know if that's where the problem is.

NogDog

Oh...wait...you define your connection parameters as constants but use them as strings. Don't quote constants:

// Make the connection:
$dbcon = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

PS: Make sure you change your DB password since you've shown it here. 😉

pbismad

If the output you are seeing on the web page contains the raw content of the mysqli_connect.php file, that file most likely doesn't contain an opening <?php tag.

Awestruck

Many thanks NogDog and pbismad,

A combination of your two replies solved the problem.

Another problem has now occurred further down the code for the registration page.
I will get back to you on that tomorrow.

The password I displayed in the above code is not the actual password.

Best wishes
Awestruck

dalecosp

Weedpacket;11063527 wrote:
When posting code, please use the code formatting tags to format your post to make it easier to read.

Awestruck;11063529 wrote:
Hello Weedpacket

Many thanks for your prompt reply.

The $dbcon is defined, and this is what is so frustrating.

It is defined in the file named mysqli_connect.php which contains the following code:

// Create a connection to the logindb database.
// Set the encoding and the access details as constants:
DEFINE ('DB_USER', 'william');
DEFINE ('DB_PASSWORD', 'kat0nlap');
DEFINE ('DB_HOST', 'localhost');

And for the record, here at PHPBuilder those tags are [noparse]

for PHP code and

[/noparse] for other languages/systems.