0

Been trying to figure this out for days now. I've seen a lot of similar questions to this but their solutions didn't work for me. I just keep getting: http://###/###/register.php?error=sqlerror

My database tables are as follows:

address: AddressID, HouseNumber, Street, TownCity, Postcode

groups: GroupID, GroupName

role: RoleID, Role

users: UserID, FirstName, LastName, AddressID(FK), Phone, Email, Password, RoleID(FK), GroupID(NULL)(FK)

This is what I have so far...

 <?php
    $user = "###";
    $pw = "###";
    $server = "###";
    $db = "###";

    $conn = new mysqli($server, $user, $pw, $db);
    if ($conn->connect_error) {
        echo $conn->connect_error;
    }

<?php
if (isset($_POST['register-submit'])) {

    require 'connect.inc.php';

    $FirstName = $_POST['FirstName'];
    $LastName = $_POST['LastName'];
    $HouseNumber = $_POST['HouseNumber'];
    $Street = $_POST['Street'];
    $TownCity = $_POST['TownCity'];
    $Postcode = $_POST['Postcode'];
    $Phone = $_POST['Phone'];
    $Email = $_POST['Email'];
    $Password = $_POST['Password'];
    $PasswordRepeat = $_POST['Password-Repeat'];

    if (empty($FirstName)
        || empty($LastName)
        || empty($HouseNumber)
        || empty($Street)
        || empty($TownCity)
        || empty($Postcode)
        || empty($Phone)
        || empty($Email)
        || empty($Password)
        || empty($PasswordRepeat)) {
        header("Location: ../register.php?error=empty_fields&FirstName=" . $FirstName . "&LastName=" . $LastName . "&HouseNumber=" . $HouseNumber . "&Street=" . $Street . "&TownCity=" . $TownCity . "&Postcode=" . $Postcode . "&Phone=" . $Phone . "&Email=" . $Email);
        exit();

// Valid Email Check
    } else if (!filter_var($Email, FILTER_SANITIZE_EMAIL)) {
        header("Location: ../register.php?error=invalid_email&FirstName=" . $FirstName . "&LastName=" . $LastName . "&HouseNumber=" . $HouseNumber . "&Street=" . $Street . "&TownCity=" . $TownCity . "&Postcode=" . $Postcode . "&Phone=" . $Phone);
        exit();
    } else if (!filter_var($Email, FILTER_VALIDATE_EMAIL)) {
        header("Location: ../register.php?error=invalid_email&FirstName=" . $FirstName . "&LastName=" . $LastName . "&HouseNumber=" . $HouseNumber . "&Street=" . $Street . "&TownCity=" . $TownCity . "&Postcode=" . $Postcode . "&Phone=" . $Phone);
        exit();

// Password Match Check
    } else if ($Password !== $PasswordRepeat) {
        header("Location: ../register.php?error=check_password&FirstName=" . $FirstName . "&LastName=" . $LastName . "&HouseNumber=" . $HouseNumber . "&Street=" . $Street . "&TownCity=" . $TownCity . "&Postcode=" . $Postcode . "&Phone=" . $Phone);
        exit();

// Email Already Exists Check
    } else {
        $sql = "SELECT Email FROM users WHERE Email = ?";
        $stmt = mysqli_stmt_init($conn);
        if (!mysqli_stmt_prepare($stmt, $sql)) {
            header("Location: ../register.php?error=sqlerror");
            exit();

        } else {
            mysqli_stmt_bind_param($stmt, 's', $Email);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_store_result($stmt);
            $resultCheck = mysqli_stmt_num_rows($stmt);
            if ($resultCheck > 0) {
                header("Location: ../register.php?error=email_already_registered&FirstName=" . $FirstName . "&LastName=" . $LastName . "&HouseNumber=" . $HouseNumber . "&Street=" . $Street . "&TownCity=" . $TownCity . "&Postcode=" . $Postcode . "&Phone=" . $Phone);
                exit();
            } else {
                // INSERT INTO address
                $sql = "INSERT INTO address (HouseNumber, Street, TownCity, Postcode) VALUES (?, ?, ?, ?)";
                $stmt = $conn->mysqli_stmt_init($sqlinsert);
                if (!mysqli_stmt_prepare($stmt, $sql)) {
                    header("Location: ../register.php?error=sqlerror=insert_into_address");
                    exit();
                } else {
                    mysqli_stmt_bind_param($stmt, "ssss", $HouseNumber, $Street, $TownCity, $Postcode);
                    mysqli_stmt_execute($stmt);
                    $latest_id = $conn->insert_id;
                    echo "Insert successful. Latest ID is: " . $latest_id;

                }

                // INSERT INTO users
                $sql = "INSERT INTO users (FirstName, LastName, AddressID, Phone, Email, Password) VALUES (?, ?, '$latest_id', ?, ?, ?)";
                $stmt = mysqli_stmt_init($conn);
                if (!mysqli_stmt_prepare($stmt, $sql)) {
                    header("Location: ../register.php?error=sqlerror=insert_into_users");
                    exit();
                } else {
                    $hashedPassword = password_hash($Password, PASSWORD_DEFAULT);
                    mysqli_stmt_bind_param($stmt, "ssisss", $FirstName, $LastName, $AddressID, $Phone, $Email, $hashedPassword);
                    mysqli_stmt_execute($stmt);
                    header("Location: ../register.php?registered=true");
                    exit();
                }
            }
        }
    }

    mysqli_stmt_close($stmt);
    mysqli_close($conn);
}
rmcgrath11
  • 3
  • 4
  • `mysqli_stmt_bind_param($stmt, "s, '$Email'")` is an error. See https://www.php.net/manual/en/mysqli-stmt.bind-param.php and use error reporting going forward. Should be `mysqli_stmt_bind_param($stmt, 's', $Email)` – user3783243 Apr 22 '20 at 00:17
  • Thanks for that, appreciate the link for the error reporting. Unfortunately I'm still getting the same sqlerror though. – rmcgrath11 Apr 22 '20 at 00:37
  • Update the question with edited code. – user3783243 Apr 22 '20 at 02:04
  • try this small code if occur the same error: $conn = new mysqli($server, $user, $pw, $db); if ($conn->connect_error) { echo $conn->connect_error; } $sql = "SELECT Email FROM users WHERE Email = ?"; echo $sql; $stmt = mysqli_stmt_init($conn); if (!mysqli_stmt_prepare($stmt, $sql)) { header("Location: ../register.php?error=sqlerror"); exit(); } – Antonio Abrantes Apr 22 '20 at 02:07
  • if in this small code occur the same error the problem is in your users table – Antonio Abrantes Apr 22 '20 at 02:09
  • Thanks @AntonioAbrantes, the problem is in my users table. I think the issue may be with retrieving the latest_id but I haven't a clue where I'm going wrong. – rmcgrath11 Apr 22 '20 at 09:33
  • @user3783243 My question is now closed but the link you provided doesn't answer my question. – rmcgrath11 Apr 22 '20 at 09:42
  • With no error reporting it does. You won't get errors. Please update the question showing your error reporting usage and what the behavior of the application is after adding it. – user3783243 Apr 22 '20 at 12:24

0 Answers0