Im trying to create a registration and login database using SQL for a website in php

Question

When ever I run the website it returns this error

Warning: Undefined variable $con in \LoginTest\registration.php on line 14

Fatal error: Uncaught TypeError: mysqli_real_escape_string(): Argument #1 ($mysql) must be of type mysqli, null given in \LoginTest\registration.php:14 Stack trace: #0 \LoginTest\registration.php(14): mysqli_real_escape_string(NULL, 'Test') #1 {main} thrown in \LoginTest\registration.php on line 14

This is the code for the registration page

<html>
<meta charset="utf-8">
<link rel="stylesheet" href="css/style.css" />
</head>
<body>
<?php
require('db.php');
// If form submitted, insert values into the database.
if (isset($_REQUEST['username'])){
        // removes backslashes
    $username = stripslashes($_REQUEST['username']);
        //escapes special characters in a string
    $username = mysqli_real_escape_string($con,$username); 
    $email = stripslashes($_REQUEST['email']);
    $email = mysqli_real_escape_string($con,$email);
    $password = stripslashes($_REQUEST['password']);
    $password = mysqli_real_escape_string($con,$password);
    $trn_date = date("Y-m-d H:i:s");
        $query = "INSERT into `users` (username, password, email, trn_date)
VALUES ('$username', '".md5($password)."', '$email', '$trn_date')";
        $result = mysqli_query($con,$query);
        if($result){
            echo "<div class='form'>
<h3>You are registered successfully.</h3>
<br/>Click here to <a href='login.php'>Login</a></div>";
        }
    }else{
?>
<div class="form">
<h1>Registration</h1>
<form name="registration" action="" method="post">
<input type="text" name="username" placeholder="Username" required />
<input type="email" name="email" placeholder="Email" required />
<input type="password" name="password" placeholder="Password" required />
<input type="submit" name="submit" value="Register" />
</form>
</div>
<?php } ?>
</body>
</html>

I've tried a couple of things like altering the code but it only seems to break it more.

`$con` is never set - is it possible there's a function in `db.php` (which is `require`d) that you need to call to initialize the db connection ? Include that if you need further help. There should be a `mysqli_connect` call in `db.php` or in your code above. — Gardener, May 07 '22 at 20:53
Ahh yeah, that would make sense. I was trying to make ```$con``` a function in a different file — ChrisB, May 07 '22 at 20:55
You will likely be admonished for: not hashing passwords; open to sql injection.... — Gardener, May 07 '22 at 20:59
**Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) — Dharman, May 07 '22 at 21:12
**Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) — Dharman, May 07 '22 at 21:12

Im trying to create a registration and login database using SQL for a website in php

0 Answers0