imBackk21 imBackk21 - 4 months ago 41
SQL Question

mysqli_query() [function.mysqli-query]: Empty query

I am getting this error when I try to insert the user into the database .

mysqli_query() [function.mysqli-query]: Empty query
. When I take out the
I get this error
mysqli_query() expects at least 2 parameters, 1 given
and i've tried a lot of ways to fix it but it doesn't work . I looked on here the answers are old

This is the code :

$sql = mysqli_query($con ,"INSERT INTO users WHERE username='" . $username . "' AND email='" . $email . "'");

// if insert checked as successful echo username and password saved successfully

echo "Sorry something went wrong. ";


$con = new mysqli("", "username", "password", "database");

// Check connection
if ($con->connect_error) {
die("Check connection.");

if(isset($_GET['Register'])) {
if ($_GET['password'] == $_GET['password2']) {
$username = mysqli_real_escape_string($con, $_GET["username"]);
$password = mysqli_real_escape_string($con, $_GET["password"]); // you don't need password2 any more after this point
$email = mysqli_real_escape_string($con, $_GET["email"]);
// validate and sanitize all of these inputs
// and see that they are not blank at the same time

// Do your MySql here to find the $username and
// bring out result of find in $username_result

$result = mysqli_query($con ,"SELECT * FROM users WHERE username='" . $username . "' AND email='" . $email . "'");

if(mysqli_num_rows($result) > 0)
echo "User exist";
} else {

function encode_email($e) {
for ($i = 0; $i < strlen($e); $i++) { $output .= '&#'.ord($e[$i]).';'; }
return $output;

// it is not in use so put it in

$sql = ("INSERT INTO users username='" . $username . "' AND email='" . $email . "'");

if(mysqli_query($con, $sql)){
// if insert checked as successful echo username and password saved successfully

echo mysqli_error($con);

echo "The passwords do not match."; // and send them back to registration page


You have a syntax error in your sql statement. INSERT statements don't have WHERE clauses. The common form of INSERT statements looks like this:

INSERT INTO users (username, email) VALUES ('test', '');

Also, you're calling mysqli_query() twice. You should remove the first one. Change:

$sql = mysqli_query($con ,"INSERT INTO ...");


$sql = "INSERT INTO ... ";

Additionally, in the procedural style of mysqli_query(), you must pass the handle to the database resource ($con in your example) as the first argument. Change:



if(mysqli_query($con, $sql)){ 


Don't mix the object oriented mysqli interface with the procedural one. Change:

$con = new mysqli(...


$con = mysqli_connect(...

Also, I should mention that your code is vulnerable to SQL injection attacks. Consider using parameterized queries instead to mitigate. See PDO examples in the docs.