Two issues in my php codes, one in Login.php, one in Register.php code. Two issu

Question

Two issues in my php codes, one in Login.php, one in Register.php code.

Two issues occur when we upload files on 000Webhost. We used 000Webhost to host a database for our advising app project. Project code can be found on Github. My partner uploaded two php files on 000Webhost but he got two errors, we are not sure how to solve it. Here're our php codes.

Github codes for Android Studio: https://github.com/swiftandquick/AdvisingApp

Register.php

<?php
$con = mysqli_connect("localhost", "id951876_advisingappadmin", "abc12345", "id951876_advisingapp");
if ( !$con ) {
die( 'connect error: '.mysqli_connect_error() );
}
$username= mysql_real_escape_string($con,$_POST['username']);
$password= $_POST['password'];
  
$confirm_password= $_POST['password'];
$name= ( isset($_POST['name']) ) ? $_POST['name'] : '';
$email= ( isset($_POST['email']) ) ? $_POST['email'] : '';
$major= ( isset($_POST['major']) ) ? $_POST['major'] : '';
$starting_year = ( isset($_POST['starting_year']) ) ? $_POST['starting_year'] : '';
$status= ( isset($_POST['status']) ) ? $_POST['status'] : '';
$statement = mysqli_prepare($con, "INSERT INTO user (username, password, confirm_password, name, email, major, starting_year, status) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
mysqli_stmt_bind_param($statement, "ssssssis", $username, $password, $confirm_password, $name, $email, $major, $starting_year, $status);
mysqli_stmt_execute($statement);
  
$response = array();
$response["success"] = true;
  
echo json_encode($response);
?>

Errors in Register.php:

Uncaught Error: Call to undefined function mysql_real_escape_string() in /storage/h4/876/951876/public_html/Login.php:4 Stack trace: #0 {main} thrown in /storage/h4/876/951876/public_html/Login.php on line 4

Login.php

<?php
$con = mysqli_connect("localhost", "id951876_advisingappadmin", "abc12345", "id951876_advisingapp");
  
$username= mysql_real_escape_string($con,$_POST['username']);
$password= $_POST['password'];
  
$statement = mysqli_prepare($con, "SELECT * FROM user WHERE username = ? AND password = ?");
if(!statement)
echo "error:";
else
{
mysqli_stmt_bind_param($statement, "ss", $username, $password);
mysqli_stmt_execute($statement);
  
mysqli_stmt_store_result($statement);
mysqli_stmt_bind_result($statement, $user_id, $username, $password, $confirm_password, $name, $email, $major, $starting_year, $status);
  
$response = array();
$response["success"] = false;
  
while(mysqli_stmt_fetch($statement)){
$response["success"] = true;
$response["username"] = $username;
$response["password"] = $password;
$response["confirm_password"] = $confirm_password;
$response["name"] = $name;
$response["email"] = $email;
$response["major"] = $major;
$response["starting_year"] = $starting_year;
$response["status"] = $status;
}
}
echo json_encode($response);
?>

Login.php errors:

Uncaught Error: Call to undefined function mysql_real_escape_string() in /storage/h4/876/951876/public_html/Register.php:6 Stack trace: #0 {main} thrown in /st

TL;DR:

Read the codes above.

Login.php error at line 4.

Register.php error at line 6.

Anyone care to help out?

Explanation / Answer

mysql_real_escape_string() is used to escape some dangeroud characters in the string so that attacker may not easily perform a sql injection.

Since PHP 5.5, this function has been deprecated. And after PHP7, it is now completely removed. You have to use mysqli_ or PDO.

To fix your code, change the

to

------------------------------------------

Hope it helps.

Related Questions

Navigate

• Browse (All)
• Browse T
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.