-3

I am trying to upload information to a database. The page I created is a registration page where users can type in their email username and password. The below code is the database connection and upload code I have written. But I keep getting the above error. Can someone tell me what I am missing, please?

<?php 

 $db_host=
 $db_username=
 $db_pass=
 $db_name=
 
 $connectToServer =mysqli_query($host,$db_username,$db_pass) or die("server problem");
 $selectDb =mysqli_select_db($connectToServer,$db_name) or die("database not found");

if(isset($_POST['submit'])) {
 $username=$_POST['username'];
 $email=$_POST['eml'];
 $password =$_POST['password'];
 
 if(!empty($username)&&!empty($email)&&!empty($password)) {
  $username = striplashes($username);
  $email=striplashes($email);
  $password=striplashes($password);
  $username = mysql_real_escape_string($connectToServer,$username);

  $selectTable = "SELECT * FROM user_info WHERE username='$username'"
  $query = mysqli_query($connectToServer,$selectTable);
  $insert = "INSERT INTO user_info (username, email, password) VALUES ($username, $eml, $password)"
  $mquery = mysqli_query($connectToServer,,$insert);
  if ($mquery) {
  session_start();
  $_SESSION['login_user'] =$username ; 
  header("Location ; profile.php");
  }
  
 }
 else {
  echo <script>('please enter details')</script>;
  header("Location: register.html");
 }
}


?>
Alex W
  • 1
  • 1
    Another relevant post: [Can I mix MySQL APIs in PHP?](https://stackoverflow.com/q/17498216/354577) – Chris Aug 20 '18 at 00:17
  • And [Best way to defend against mysql injection and cross site scripting](https://stackoverflow.com/q/568995/354577) – Chris Aug 20 '18 at 00:18
  • Please don't _ever_ store plaintext passwords! Passwords need to be properly hashed: use [`password_hash()`](https://secure.php.net/manual/en/function.password-hash.php) and [`password_verify()`](https://secure.php.net/manual/en/function.password-verify.php) instead. – Chris Aug 20 '18 at 00:20
  • 1
    That isn't the only wrong with your code. Once you've fixed *that* one, you'll see more and about your query. – Funk Forty Niner Aug 20 '18 at 00:34
  • Oh and mixing mysql apis won't work. Edit: as @Chris mentioned. – Funk Forty Niner Aug 20 '18 at 00:35
  • @Chris I added that one in the dupe list and another for the string literals not being quoted. – Funk Forty Niner Aug 20 '18 at 00:37

1 Answers1

-1

You are missing a semi-colon on line 22:

$selectTable = "SELECT * FROM user_info WHERE username='$username'"; // <- here

Same for line 24.

You have an extra comma on line 25... And you are missing double-quotes on line 34...

Guillaume Boudreau
  • 2,371
  • 26
  • 26