Help with PHP registration form

Hi,

I’ve got the following PHP registration form. All works fine when using mysql_real_escape_string but when I used mysqli I get a number of errors and being new to PHP I’m a but unsure of how to fix. I’ve put comments to show which line the errors refeer to. $conn being my database connection.

Error messages
Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, string given on line 27

Warning: mysqli_query() expects at least 2 parameters, 1 given on line 29

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given on line 31

Warning: mysqli_query() expects at least 2 parameters, 1 given on line 35

registration.php


<?php include "db-connection.php"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Registration page</title>
        <link rel="stylesheet" href="style.css" type="text/css" />
    </head>
    <body>
        <div id="main">
            <?php

            function cleanInput($data, $conn) {
                if (get_magic_quotes_gpc()) {
                    $data = stripslashes($data);
                    $data = strip_tags($data);
                    $data = mysqli_real_escape_string($conn, $data);
                } else {
                    $data = strip_tags($data);
                    $data = mysqli_real_escape_string($conn, $data);
                }
                return $data;
            }

            if (!empty($_POST['username']) && !empty($_POST['password'])) {
                $username = cleanInput($_POST['username'], $conn);
                $password = sha1(mysqli_real_escape_string($_POST['password'], $conn));  // line 27

                $checkusername = mysqli_query("SELECT * FROM users WHERE Username = '" . $username . "'");  // line 29

                if (mysqli_num_rows($checkusername) == 1) {  // line 31
                    echo "<h1>Error</h1>";
                    echo "<p>Sorry, that username is taken. Please go back and try again.</p>";
                } else {
                    $registerquery = mysqli_query("INSERT INTO users (Username, Password) VALUES('" . $username . "', '" . $password . "')");   // line 35
                    if ($registerquery) {
                        echo "<h1>Success</h1>";
                        echo "<p>Your account was successfully created. Please <a href=\\"index.php\\">click here to login</a>.</p>";
                    } else {
                        echo "<h1>Error</h1>";
                        echo "<p>Sorry, your registration failed. Please go back and try again.</p>";
                    }
                }
            } else {
                ?>

                <h1>Register</h1>

                <p>Please enter your details below to register.</p>

                <form method="post" action="register.php" name="registerform" id="registerform">
                    <fieldset>
                        <label for="username">Username:</label><input type="text" name="username" id="username" /><br />
                        <label for="password">Password:</label><input type="password" name="password" id="password" /><br />
                        <input type="submit" name="register" id="register" value="Register" />
                    </fieldset>
                </form>

                <?php
            }
            ?>

        </div>
    </body>
</html>

Thanks in advance.

As the errors indicate, the mysql_ and mysqli_ functions have some differences in the number/type of parameters they want to receive. So you can’t just add a ‘i’ to the mysql_ functions.
Take a look at the manual and see if you can find the answers. If not, feel free to ask again.

http://www.php.net/mysqli_query
http://www.php.net/mysqli_real_escape_string

Thanks for your reply. I’ve read the articles you’ve linked to, but still unsure how to go abouts going it. I’ve tried but broke my code.