Question

I have a problem with MySQL. When I execute this, it gives me an error: No such file or directory 2002, but the SELECT query works perfectly and prints typ on the screen. How can I solve this problem?

<?php
$con=mysqli_connect("db4free.net","****","****","*****");
if (mysqli_connect_errno($con))
{
   echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

$username = $_GET['username'];
$password = $_GET['password'];
$result = mysqli_query($con,"SELECT Typ FROM Uzytkownik where Login='$username' and Haslo='$password'");

$row = mysqli_fetch_array($result);
$data = $row[0];
if($data){
echo $data;
}

$que =  "INSERT INTO Uzytkownik VALUES ('10','tr','t','a')";
if( !mysql_query($que) ) {
     echo  "ERROR!!: ".mysql_error().mysql_errno() ;
}
mysqli_close($con);
?>

Result of this:

testERROR!!: No such file or directory2002

EDIT: Sorry, I pasted the wrong code, but it has already been changed.

Solution

You cannot mix mysqli_* functions with mysql_* functions.

Replace this:

if( !mysql_query($que) ) {
     echo  "ERROR!!: ".mysql_error().mysql_errno() ;
}

with

if( !mysqli_query($con, $que) ) {
     echo  "ERROR!!: ".mysqli_error($con) ;
}

Other tips

In the insert query you should tell which columns you're inserting into.

$que = "INSERT INTO Uzytkownik(col1, col2, col3, col4) VALUES ('10','tr','t','a')";

Also note that most of your queries are vulnerable to SQL injection; you should use prepared statements to protect your code.

Example: Your select query looks like this:

"SELECT Typ FROM Uzytkownik where Login='$username' and Haslo='$password'".

If I were a user, I could get in without using a password by ending the SQL statement within the username or within the password. I could drop the table, and I could even drop the entire database if I were a blackhat in a bad mood.

Using prepared statements means that instead of using user-input-provided values you replace the user inputs with VALUES(?, ?) and then you can bind parameters that will then be executed and replace the placeholders.

Using PDO allows you to use named parameters; you should take a look at that.

Also note that you're mixing mysql_* and mysqli_*, which are not the same library of functions. Stick to one (otherwise it simply won't work); mysqli_* is way better since mysql_* is deprecated. This could be causing your problem.
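
The prepared-statement approach described in the answer above, as an added example that is not part of the original question or answers: it uses PDO named parameters for both the SELECT and the INSERT. Assumptions: an in-memory SQLite database stands in for the MySQL server so the script runs offline, the `Id` column and the column order of the INSERT are guessed, and `addUser` and `findTyp` are hypothetical helper names.

```php
<?php
// Added example. In-memory SQLite stands in for the MySQL server so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed schema: Login, Haslo and Typ appear in the question; Id is assumed.
$pdo->exec('CREATE TABLE Uzytkownik (Id INTEGER PRIMARY KEY, Login TEXT, Haslo TEXT, Typ TEXT)');

// INSERT with an explicit column list and named placeholders (hypothetical helper).
function addUser(PDO $pdo, int $id, string $login, string $haslo, string $typ): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO Uzytkownik (Id, Login, Haslo, Typ) VALUES (:id, :login, :haslo, :typ)'
    );
    $stmt->execute([':id' => $id, ':login' => $login, ':haslo' => $haslo, ':typ' => $typ]);
}

// The question's SELECT with the user input bound instead of concatenated.
// Haslo is compared as stored, mirroring the question's query.
// Returns Typ on a match, or null when no row matches.
function findTyp(PDO $pdo, string $username, string $password): ?string
{
    $stmt = $pdo->prepare('SELECT Typ FROM Uzytkownik WHERE Login = :login AND Haslo = :haslo');
    $stmt->execute([':login' => $username, ':haslo' => $password]);
    $typ = $stmt->fetchColumn();          // false when there is no matching row
    return ($typ === false || $typ === null) ? null : (string) $typ;
}

// Constructed row using the values from the question's INSERT (column order assumed).
addUser($pdo, 10, 'tr', 't', 'a');

// Constructed inputs: a valid pair, a wrong password, and values containing quotes.
// Bound values are compared as literal strings, so the quoted inputs match no row.
$cases = [
    ['tr', 't'],
    ['tr', 'wrong'],
    ["tr' -- ", 'anything'],
    ['tr', "' OR '1'='1"],
];
foreach ($cases as [$u, $p]) {
    $typ = findTyp($pdo, $u, $p);
    printf("%-12s %-16s => %s\n", var_export($u, true), var_export($p, true), $typ ?? 'no match');
}
```

Against the MySQL server only the connection changes (a `mysql:host=...;dbname=...` DSN plus credentials passed to `new PDO`); the prepared statements stay the same.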

License: CC-BY-SA with attribution
Not affiliated with StackOverflow