My code:
<?php
include("db.php");
if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email']))
//Prevent SQL injections
$username = mysql_real_escape_string($_POST['username']);
$email = mysql_real_escape_string($_POST['email']);
//Get MD5 hash of password
$password = md5($_POST['password']);
//Check to see if username exists
$sql = mysql_query("SELECT username FROM usersystem WHERE username = '".$username."'");
if (mysql_num_rows($sql)>0)
{
die ("Username taken.");
}
mysql_query("INSERT INTO usersystem (username, password, email) VALUES ( '$username', '$password', '$email')") or die (mysql_error());
}
?>
My error is occuring on line 16, "if (mysql_num_rows($sql)>0)"
Another similar error is occuring in my database PHP
<?php
session_start();
mysql_connect("-", "-", "-");
mysql_select_db("mydb");
function user_login ($username, $password)
{
//take the username and prevent SQL injections
$username = mysql_real_escape_string($username);
//begin the query
$sql = mysql_query("SELECT * FROM usersystem WHERE username = '".$username."' AND password = '".$password."' LIMIT 1");
//check to see how many rows were returned
$rows = mysql_num_rows($sql);
if ($rows<=0 )
{
echo "Incorrect username/password";
}
else
{
//have them logged in
$_SESSION['username'] = $username;
}
}
?>
Error here is "$rows = mysql_num_rows($sql);"
And yes, I know mySQL login is blank, I did that myself.