Help with PHP registration form


I’ve got the following PHP registration form. All works fine when using mysql_real_escape_string but when I used mysqli I get a number of errors and being new to PHP I’m a but unsure of how to fix. I’ve put comments to show which line the errors refeer to. $conn being my database connection.

Error messages
Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, string given on line 27

Warning: mysqli_query() expects at least 2 parameters, 1 given on line 29

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given on line 31

Warning: mysqli_query() expects at least 2 parameters, 1 given on line 35


<?php include "db-connection.php"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "">
<html xmlns="">
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Registration page</title>
        <link rel="stylesheet" href="style.css" type="text/css" />
        <div id="main">

            function cleanInput($data, $conn) {
                if (get_magic_quotes_gpc()) {
                    $data = stripslashes($data);
                    $data = strip_tags($data);
                    $data = mysqli_real_escape_string($conn, $data);
                } else {
                    $data = strip_tags($data);
                    $data = mysqli_real_escape_string($conn, $data);
                return $data;

            if (!empty($_POST['username']) && !empty($_POST['password'])) {
                $username = cleanInput($_POST['username'], $conn);
                $password = sha1(mysqli_real_escape_string($_POST['password'], $conn));  // line 27

                $checkusername = mysqli_query("SELECT * FROM users WHERE Username = '" . $username . "'");  // line 29

                if (mysqli_num_rows($checkusername) == 1) {  // line 31
                    echo "<h1>Error</h1>";
                    echo "<p>Sorry, that username is taken. Please go back and try again.</p>";
                } else {
                    $registerquery = mysqli_query("INSERT INTO users (Username, Password) VALUES('" . $username . "', '" . $password . "')");   // line 35
                    if ($registerquery) {
                        echo "<h1>Success</h1>";
                        echo "<p>Your account was successfully created. Please <a href=\\"index.php\\">click here to login</a>.</p>";
                    } else {
                        echo "<h1>Error</h1>";
                        echo "<p>Sorry, your registration failed. Please go back and try again.</p>";
            } else {


                <p>Please enter your details below to register.</p>

                <form method="post" action="register.php" name="registerform" id="registerform">
                        <label for="username">Username:</label><input type="text" name="username" id="username" /><br />
                        <label for="password">Password:</label><input type="password" name="password" id="password" /><br />
                        <input type="submit" name="register" id="register" value="Register" />



Thanks in advance.

As the errors indicate, the mysql_ and mysqli_ functions have some differences in the number/type of parameters they want to receive. So you can’t just add a ‘i’ to the mysql_ functions.
Take a look at the manual and see if you can find the answers. If not, feel free to ask again.

Thanks for your reply. I’ve read the articles you’ve linked to, but still unsure how to go abouts going it. I’ve tried but broke my code.