i'm working on project buddy of mine , want write our database calls in mysqli. i'm new , i've used mysql commands know out of date @ point. keep getting call member function query() on non-object on line 30
if ($mysqli->query($sql)) {
command. please point me in right direction this? i've tried looking in w3 schools. here entire code:
// if form submitted, insert table. if (isset($_post["submit"])) { // define $username , $password. $username = $_post['user_username']; $password = $_post['user_password']; // protect them mysql injection. $username = stripslashes($username); $password = stripslashes($password); $username = mysqli_real_escape_string($db, $username); $password = mysqli_real_escape_string($db, $password); $password = md5($password); // run queries. if ($_files["user_image"]["error"] > 0) { //bad output form results red text echo "<font size = '5'><font color=\"#e31919\">error: no chosen file <br />"; echo"<p><font size = '5'><font color=\"#e31919\">insert database failed"; } else { move_uploaded_file($_files["user_image"]["tmp_name"],"uploads/" . $_files["user_image"]); $file="uploads/".$_files["user_image"]; $image_title = addslashes($_request['user_image']); $sql="insert users (user_fname, user_lname, user_image, user_phone, user_cell, user_email, user_username, user_password) values ('$_post[user_fname]', '$_post[user_lname]', '$_post[user_image]', '$_post[user_phone]', '$_post[user_cell]', '$_post[user_email]', '$username', '$password')"; if ($mysqli->query($sql)) { die('error: ' . $mysqli->error); } //good output form results green text echo ' <form enctype="multipart/form-data" action="insert_image.php" method="post" name="changer"> <div style="padding:10px;"> <h2 style="font-size: 28px;">success!</h2> <p style="font-size: 18px;">your file has been uploaded!</p> </div> </form>'; } }
thanks!
here's non-object $_post[user_image]
in values, used $_files["user_image"]
everywhere else there's no input anywhere in posted code. we're dealing file here , not text input.
i.e.: <input type="file" name="user_image">
- only you know that.
plus, need use connection variable you're using, if it's $db
, or $mysqli
, if connected database, or chose right database , table.
- again, you know that.
then this:
$image_title = addslashes($_request['user_image']);
you should use $_files
, not $_request
, since implies may using method in unshown "other" form.
reference:
references:
- http://php.net/manual/en/mysqli.query.php
if using pdo connect http://php.net/manual/en/pdo.error-handling.php
and use error handling fits connection. consult edit below.
also make sure folder you're wanting upload to, has right permissions write it.
add error reporting top of file(s) find errors.
<?php error_reporting(e_all); ini_set('display_errors', 1); // rest of code
sidenote: displaying errors should done in staging, , never production.
also use var_dump();
, echo , viewing html source additional tools during debugging process.
additional notes:
if you're wanting upload data binary data in table, make sure you're using correct type.
such tinyblob, blob, mediumblob, , longblob.
another "only know that".
reference:
as stated matt in comments:
and $file="uploads/".$_files["user_image"];
should changed $file="uploads/".$_files["user_image"]['name'];
changing both instances of "uploads/" . $_files["user_image"]
"uploads/".$_files["user_image"]['name']
consult manual on move_uploaded_file()
:
passwords.
i noticed using md5 password hashing function. function no longer considered safe use.
use 1 of following:
- crypt_blowfish
crypt()
bcrypt()
scrypt()
- on openwall
- pbkdf2
- pbkdf2 on php.net
- php 5.5's
password_hash()
function. - compatibility pack (if php < 5.5) https://github.com/ircmaxell/password_compat/
other links:
important sidenote column length:
if , when decide use password_hash()
or crypt, important note if present password column's length lower 60, need changed (or higher). manual suggests length of 255.
you need alter column's length , start on new hash in order take effect. otherwise, mysql fail silently.
edit:
seeing 1 of questions:
i noticed pdo syntax $row = $stmt->fetch(pdo::fetch_assoc);
, mixing mysql_
functions $image = mysql_query...
.
this tells me may still mixing mysql apis. if connection pdo, cannot intermix different apis. must use same 1 connecting query.
consult following on stack:
pdo mysql_
- invalid
pdo mysqli_
- invalid
mysql_
mysqli_
- invalid
Comments
Post a Comment