-3
Fatal error: Uncaught Error: Call to undefined function mysql_error() in C:\xampp\htdocs\Project\POLIMAS Treatment Center\POLIMAS Treatment Center\student\student-appoiment.php:17 Stack trace: #0 {main} thrown in C:\xampp\htdocs\Project\POLIMAS Treatment Center\POLIMAS Treatment Center\student\student-appoiment.php on line 17

It is stated that I may have an error on line 17, or maybe upwards, however I cannot identify where the problem lies.

<?php
require('../database.php');
include("auth-student.php");

$status = "";
if(isset($_POST['new']) && $_POST['new']==1)
{
  $appID = $_REQUEST['appID'];
  $appDate = date("Y-m-d H:i:s");
  $appSickType = $_REQUEST['appSickType'];
  $appNote = $_REQUEST['appNote'];
  $matricsNo = $_REQUEST['matricsNo'];
  $appStatus = $_REQUEST['appStatus'];
  $submittedby = $_SESSION["matricsNo"];
  $ins_query = "INSERT INTO appointment
  (appID, appDate, appSickType, appNote, matricsNo, appStatus, submittedby) values('$appID','$appDate','$appSickType','$appNote','$matricsNo','$appStatus','$submittedby')";
  mysqli_query($link,$ins_query) or die (mysql_error());
  $status = "New Record Inserted Successfully.</br></br><a href='view.php'>View Inserted Record</a>";
}
?>

I have read somewhere that I should add a variable inside the 'mysql_error()', for example mysql_error($con), but the error is still present, I tried changing msql to mysqli, and it seems to not change. Is it $ins_query that is causing the error? Or perhaps the other variables, such as $appID, $appDate, $appSickType?

a.Amé
  • 1
  • 1
  • 1
    Does this answer your question? [Can I mix MySQL APIs in PHP?](https://stackoverflow.com/questions/17498216/can-i-mix-mysql-apis-in-php) - TLDR; You can't use `mysql_*` functions (which was deprecated in PHP 5.5 and completely removed in PHP 7) together with `mysqli_*`. Those are two completely different extensions/API's. – M. Eriksson May 18 '22 at 11:10
  • `I cannot identify where the problem lies`...which part of "undefined function" was confusing you? Also did you think of googling the error? Yes it's `mysqli_`, not `mysql_`. And yes, it requires the connection variable to be passed in. `I have read somewhere`....where? Did it occur to you to simply [read the manual](https://www.php.net/manual/en/mysqli.error.php)? – ADyson May 18 '22 at 11:12
  • 3
    **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson May 18 '22 at 11:12
  • https://phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli. See also the [mysqli documentation](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) and this: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) . Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values. If you learnt your current technique from a tutorial or book, please don't use it again. – ADyson May 18 '22 at 11:12
  • 1
    Also: enable error reporting: add `ini_set('display_errors', 1); ini_set('log_errors',1); error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` to the top of your script. This will force any `mysqli` errors to generate an Exception that you can see on the browser as well as normal PHP errors, without you needing to repetitively use mysqli_error to check after every command. See also [mysqli or die, does it have to die?](https://stackoverflow.com/questions/15318368/mysqli-or-die-does-it-have-to-die). The technique you are using is archaic and inefficient. – ADyson May 18 '22 at 11:15

0 Answers0