This is my first PHP script, to add a user to my website but i keep getting these errors

Cannot send session cache limiter - headers already sent
Cannot modify header information - headers already sent
mysql_num_rows expects parameter 1 to be resource boolean given

I have a basic understanding of what these error messages mean but i just can't place them in my script.
Here's the entire code for the page:

<?php
$username = "";
$password = "";
$errorMessage = "";
$num_rows = 0;
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
//get data from forms
$username = $_POST['newusername'];
$password = $_POST['newpassword'];
//check for unwanted tags
$username = htmlspecialchars($username);
$password = htmlspecialchars($password);
//get length of username and passowrd
$ulength = strlen($username);
$plength = strlen($password);
//Validate user lengths against required lengths and print apporpriate error messages
if($ulength <= 20){
$errorMessage = "";
}
else {
$errorMessage = $errorMessage. "User name must contain at most 20 characters". "<br/>";
}
if($plength <= 16){
$errorMessage = "";
}
else{
$errorMessage = $errorMessage. "Password must contain at most 16 characters". "<br/>";
}
//if there are no errors then connect to database
if($errorMessage == ""){
$uname = "root";
$pword = "root";
$database = "emusalesdb";
$server = "localhost";
$db_handle = mysql_connect($server, $uname, $pword);
$db_found = mysql_select_db($database,$db_handle);
if($db_found){
//insert injection prevention code here
//check if username already exists
$SQL = "SELECT * FROM tbl_user WHERE username = $username";
$result = mysql_query($SQL);
$num_rows = mysql_num_rows($result);//error here
if($num_rows > 0){
$errorMessage = "Username already exists";
}
else{
$SQL = "INSERT INTO tbl_user (username, password) VALUES ($username, md5($password))";
$result = mysql_query($SQL);
mysql_close($db_handle);
session_start();//error here
$_SESSION['login'] = "1";
header("Location: register_page.php");//error here
}
}
else{
$errorMessage = "Database not found";
}
}
}
?>
<head>
<title> Login - Register</title>
</head>
<!-- BEGIN body -->
<body>
<!-- BEGIN #main -->
<div id="main">
<!-- BEGIN .content -->
<div class="content">

<div class="login_right">
<div class="registerlogo"></div>
<div class="question1 ha" style="margin-top:5px;">Register</div>
<div class="question2 ha" style="margin-top:5px;">Now</div>
<div class="login_text2">Dont have an account? Register NOW it only takes a few minutes</div>

//This is the form i'm working with
<form action= "login-register-page.php" method="POST">
<input type="text" placeholder="Username" name="newusername" value="<?php print $username;?>" class="register_name"/>
<br />
<input type="password" placeholder="Password" name="newpassword" value="<?php print $password;?>" class="register_password"/>
<br />
<input value="Register" name="submitregister" class="register_account" type="submit"/>
</form>
<?php print $errorMessage;?>
</div>

<!-- END .content -->
</div>

<!-- END #main -->
</div>
<!-- END body -->
</body>
<!-- END html -->
</html>
Member Avatar for diafol

session_start();

Place it at the head of the page

header() redirects cannot be executed successfully if you already have output to the page - so any error messages , e,g, from the session_start attempt will prompt an error here too.

I'm assuming that your query is wrong. Add some error checking for that line:

$result = mysql_query($SQL) or die(mysql_error());

(1)--> Put session_start() right at the top of the page, the first line of the page.
(2)--> Replace

$SQL = "SELECT * FROM tbl_user WHERE username = $username";

with

$SQL = "SELECT * FROM tbl_user WHERE username = '$username'"; (Note the quotation marks)

These two should do the trick.

commented: good spot on the quotes +14

The quotation marks solved the mysql_num_rows() error. Thanks
I moved the session_start() to the very top of the page but i'm still getting the same error messages

session_start() - Cannot send session cache limiter - headers already sent
Cannot modify header information - headers already sent

Try replacing

$SQL = "INSERT INTO tbl_user (username, password) VALUES ($username, md5($password))";

with

$password = md5($password);
$SQL = "INSERT INTO tbl_user (username, password) VALUES ('$username', '$password')";

okay.. but i already made these changes afer your first reply. It still gives the same errors

Are you sure there is no whitespace before <?php at the very top of the page?

Yeah there are absolutely no whitespaces before <?php
I was able to solve the header error. It was because i used
<?php require_once ('includes/header.php')?>
before the script but the other error

session_start() - Cannot send session cache limiter - headers already sent
is still present. I don't know why

There is definitely something being output before the script reaches session_start(). Try putting error_reporting(E_ALL) at the very top too, even before session_start();

I started a new project and rewrote the code. Everything works just fine now. Thanks

Member Avatar for diafol

My money is on the BOM, as pritaeas mentioned.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.