imBackk21 imBackk21 - 3 months ago 31
SQL Question

mysqli_query() [function.mysqli-query]: Empty query

I am getting this error when I try to insert the user into the database .

mysqli_query() [function.mysqli-query]: Empty query
. When I take out the
$con
I get this error
mysqli_query() expects at least 2 parameters, 1 given
and i've tried a lot of ways to fix it but it doesn't work . I looked on here the answers are old

This is the code :

$sql = mysqli_query($con ,"INSERT INTO users WHERE username='" . $username . "' AND email='" . $email . "'");

if(mysqli_query($sql)){
// if insert checked as successful echo username and password saved successfully

}else{
echo "Sorry something went wrong. ";
}


register.php:

<?php
$con = new mysqli("mysql9.000webhost.com", "username", "password", "database");

// Check connection
if ($con->connect_error) {
die("Check connection.");
}

if(isset($_GET['Register'])) {
if ($_GET['password'] == $_GET['password2']) {
$username = mysqli_real_escape_string($con, $_GET["username"]);
$password = mysqli_real_escape_string($con, $_GET["password"]); // you don't need password2 any more after this point
$email = mysqli_real_escape_string($con, $_GET["email"]);
// validate and sanitize all of these inputs
// and see that they are not blank at the same time

// Do your MySql here to find the $username and
// bring out result of find in $username_result

$result = mysqli_query($con ,"SELECT * FROM users WHERE username='" . $username . "' AND email='" . $email . "'");

if(mysqli_num_rows($result) > 0)
{
echo "User exist";
} else {

function encode_email($e) {
for ($i = 0; $i < strlen($e); $i++) { $output .= '&#'.ord($e[$i]).';'; }
return $output;
}
echo(encode_email($email));

// it is not in use so put it in

$sql = ("INSERT INTO users username='" . $username . "' AND email='" . $email . "'");

if(mysqli_query($con, $sql)){
// if insert checked as successful echo username and password saved successfully

}else{
echo mysqli_error($con);
}

}
}else{
echo "The passwords do not match."; // and send them back to registration page
}
}
?>

Answer

You have a syntax error in your sql statement. INSERT statements don't have WHERE clauses. The common form of INSERT statements looks like this:

INSERT INTO users (username, email) VALUES ('test', 'test@example.com');

Also, you're calling mysqli_query() twice. You should remove the first one. Change:

$sql = mysqli_query($con ,"INSERT INTO ...");

to

$sql = "INSERT INTO ... ";

Additionally, in the procedural style of mysqli_query(), you must pass the handle to the database resource ($con in your example) as the first argument. Change:

if(mysqli_query($sql)){ 

to

if(mysqli_query($con, $sql)){ 

Update:

Don't mix the object oriented mysqli interface with the procedural one. Change:

$con = new mysqli(...

to

$con = mysqli_connect(...

Also, I should mention that your code is vulnerable to SQL injection attacks. Consider using parameterized queries instead to mitigate. See PDO examples in the docs.