I am creating a user registration system, and I am at the point where I start modifying the database i get the error
"Warning: mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables in /opt/lampp/htdocs/Projectss/01_sarah/index.php on line 41
"
I have tried using every single method in php documentation concerning adding data to the database
here is some code
$hash_password = password_hash($password, PASSWORD_DEFAULT);
$query = "INSERT INTO users (first_name,last_name,email,password) VALUES('$first_name','$last_name','$email','$hash_password')";
$stmt = $conn->prepare($query);
if (!$stmt) {
echo mysqli_error($conn);
}
$stmt->bind_param('ssss', $query);
$stmt->execute(); // execute prepared statement
$conn->close(); // close connection
}
The expected result should is to not receive any warning after saving the information to the database
You're passing complete query in the bindParam and also passing the values in the query instead of this you need to pass the parameters in the bindParam like this..
$hash_password = password_hash($password, PASSWORD_DEFAULT);
$query = "INSERT INTO users (first_name,last_name,email,password) VALUES(?, ?, ?, ?)";
$stmt = $conn->prepare($query);
$stmt->bind_param('ssss', $first_name, $last_name, $email, $hash_password);
$stmt->execute(); // execute prepared statement
$conn->close(); // close connection
Related
This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 3 years ago.
The problem I am facing is that I am not able to take the users id and send it through.
Here is the code.
if ($stmt = $con->prepare('INSERT INTO tblusers (user, password, token) VALUES (?, ?, ?)')) {
// We do not want to expose passwords in our database, so hash the password and use password_verify when a user logs in.
$token = password_hash($_POST['token'], CRYPT_BLOWFISH);
$password = password_hash($_POST['password'], CRYPT_BLOWFISH);
$stmt->bind_param('sss', $_POST['username'], $password, $token);
$stmt->execute();
$stmt = $con->('SELECT id from tblusers where user=?');
$user=$_POST['username'];
$stmt->bind_param('s' $user);
$stmt->execute();
$stmt -> bind_result($id);
$stmt = $con->prepare('INSERT INTO tblbtc (id) VALUES (?)');
$stmt->bind_param('i', $id);
$stmt->execute();
header('location: ../../home/index.php');
} else {
// Something is wrong with the sql statement, check to make sure accounts table exists with all 3 fields.
echo ('Could not prepare statement!');
}
}
$stmt->close();
}
Here is also a error message I get
Parse error: syntax error, unexpected '(', expecting identifier (T_STRING) or variable (T_VARIABLE)
This code down below works without the two extra added mysql statements.
if ($stmt = $con->prepare('INSERT INTO tblusers (user, password, token) VALUES (?, ?, ?)')) {
// We do not want to expose passwords in our database, so hash the password and use password_verify when a user logs in.
$token = password_hash($_POST['token'], CRYPT_BLOWFISH);
$password = password_hash($_POST['password'], CRYPT_BLOWFISH);
$stmt->bind_param('sss', $_POST['username'], $password, $token);
$stmt->execute();
header('location: ../../home/index.php');
} else {
// Something is wrong with the sql statement, check to make sure accounts table exists with all 3 fields.
echo ('Could not prepare statement!');
}
}
$stmt->close();
}
The expected results of this code it to create the user which works and then to take the users id and also create columns on the tblbtc with the userid/.
You can get the inserted user id using mysqli::inserted_id
see the code below
<?php
if ($stmt = $con->prepare('INSERT INTO tblusers (user, password, token) VALUES (?, ?, ?)')) {
// We do not want to expose passwords in our database, so hash the password and use password_verify when a user logs in.
$token = password_hash($_POST['token'], CRYPT_BLOWFISH);
$password = password_hash($_POST['password'], CRYPT_BLOWFISH);
$stmt->bind_param('sss', $_POST['username'], $password, $token);
$stmt->execute();
$user_id = $stmt->insert_id;
if($user_id)
{
$stmt = $con->prepare('INSERT INTO tblbtc (id) VALUES (?)');
$stmt->bind_param('i', $user_id);
$stmt->execute();
header('location: ../../home/index.php');
}
else{
echo ('Could not prepare statement!');
}
} else {
// Something is wrong with the sql statement, check to make sure accounts table exists with all 3 fields.
echo ('Could not prepare statement!');
}
$stmt->close();
This question already has answers here:
MySQLi prepared statements error reporting [duplicate]
(3 answers)
Closed 4 years ago.
I had a false redirect. But the system won't let me delete the question
I have a website with a register page. In the backend is a SQL database, but while UPDATE and SELECT work, INSERT doesn't. IT also doesn't give me any errors.
The code which makes the INSERT statement looks as follows:
$username = "peter";
$pwhash = password_hash($password, PASSWORD_DEFAULT);
$role = "publisher";
$locked = "false";
//Prepare SQL Query
$sql = "insert into user(username, password, role, locked)";
$sql .= " VALUES (?, ?, ?, ?);";
//Reuire SQL Connection
require "db_inc.php";
//Prepare stmt
$stmt = mysqli_prepare($con, $sql);
//Bind Parameters
mysqli_stmt_bind_param($stmt, 'ssss',
$username,
$pwhash,
$role,
$locked);
//Execute SQL
mysqli_stmt_execute($stmt);
mysqli_close($con);
The SQL database looks like this:
What am I doing wrong? The $con connection is correct, as it workes on the SELECT and UPDATE querys.
Have you tried capitalizing 'insert'? And try changing '$locked = "false";' to'$locked = 0';
I have try to use ODBC to insert data. However, it does not work
This is my code. How can I solve the problem?
<?php
if(isset($_POST['submit']))
{ $ContactPersonID=$_POST['ContactPersonID']
$FirstName=$_POST['First name'];
$LastName=$_POST['Last name'];
$PhoneNumber=$_POST['PhoneNumber'];
$RestaurantID=$_POST['RestaurantID'];
echo $ContactPersonID ." ".$FirstName." ".$LastName." ".$PhoneNumber." ".$PhoneNumber." ".$RestaurantID ;
$con=odbc_connect("Online Food Delivery Database","", "");
$sql="INSERT INTO RestaurantPeopleContact
(ContactPersonID,FirstName,LastName,PhoneNumber,RestaurantID)
VALUES ('$ContactPersonID','$FirstName','$LastName','$FirstName','$PhoneNumber','$RestaurantID')";
if(odbc_exec($con,$sql))
{
echo "Data saved.";
}
else
{
echo "Error";
}
}
?>
You are inserting twice the firstname.
By this reason, the columns declaration doesnt match with the number of variables
Consider using PHP's PDO for the MS Access connection, a better handler to pass parameters and raise needed exceptions and of course to avoid SQL injection especially from web input. You may need to initialize PDO in your .ini file.
Also, ContactPersonID and RestaurantID might be integer values but you look to be quoting them. Parameters help in defining needed data types without worrying about quote enclosures or messy string concatenation.
$ContactPersonID = $_POST['ContactPersonID']
$FirstName = $_POST['First name'];
$LastName = $_POST['Last name'];
$PhoneNumber = $_POST['PhoneNumber'];
$RestaurantID = $_POST['RestaurantID'];
$database = "C:\Path\To\Database\Online Food Delivery Database.accdb";
# PREPARED STATEMENT WITH PLACEHOLDERS
$sql = "INSERT INTO RestaurantPeopleContact
(ContactPersonID, FirstName, LastName, PhoneNumber, RestaurantID)
VALUES (?, ?, ?, ?, ?)";
try {
$dbh = new PDO("odbc:DSN=MS Access Database;DBq=$database;");
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sth = $dbh->prepare($sql);
# BIND PARAMETERS
$sth->bindParam(1, $ContactPersonID, PDO::PARAM_INT);
$sth->bindParam(2, $FirstName, PDO::PARAM_STR);
$sth->bindParam(3, $LastName, PDO::PARAM_STR);
$sth->bindParam(4, $PhoneNumber, PDO::PARAM_STR);
$sth->bindParam(5, $RestaurantID, PDO::PARAM_INT);
$sth->execute();
}
catch(PDOException $e) {
echo $e->getMessage()."\n";
}
# close the connection
$dbh = null;
I want to perform a select query on my users table with sqli in php.
For security reasons (sql injection) i want to do it using parameter(s).
Also i want to store the result in a php variable.
This is my code:
the $conn variable is filled in correctly.
$login = $_POST['username'];
//Check if username is available
/*Line44*/ $stmt = $conn->prepare("SELECT login FROM users WHERE login = ?");
/*Line45*/ $stmt->bind_param('s', $login);
$result = $stmt->execute();
if ($result->num_rows > 0)
{
echo "This username is in use.";
}
else
{
//Add account to database
$stmt = $conn->prepare("INSERT INTO users (login, password, email, gender) VALUES (?, ?, ?, ?)");
$stmt->bind_param('ssss', $login, $md5pass, $email, $gender);
$stmt->execute();
$stmt->close();
echo "<font color=\"#254117;\">Your account is succesfully geregistered! <br />U can now login!</font>";
}
I get this error:
Warning: mysqli::prepare() [mysqli.prepare]: Couldn't fetch mysqli in
C:\xampp\htdocs\cammerta\registreer.php on line 44
Fatal error: Call to a member function bind_param() on a non-object in
C:\xampp\htdocs\cammerta\registreer.php on line 45
I hope someone can provide an solution and explain to me what i did wrong.
Thanks in advance!
$mysqli = new mysqli('localhost', 'my_user', 'my_password', 'world');
$stmt = $mysqli->prepare("INSERT INTO CountryLanguage VALUES (?, ?, ?, ?)");
$stmt->bind_param('sssd', $code, $language, $official, $percent);
$stmt->execute();
Plus
1.Please run query in phpmyadmin or any program
2.Maybe you not set variables. $login, $md5pass, $email, $gender
$stmt = $conn->prepare statement may be return false.Please use given code for getting error in query.
if ($stmt = $conn->prepare('your query')) {
$stmt->bind_param(...);
}
else {
printf("Error=: %s\n", $conn->error);
}
As the title says Im trying to do a simple insert, but nothing actually is inserted into the table. I try to print out errors, but nothing is reported.
My users table has many more fields than these 4, but they should all default.
$query = 'INSERT INTO users (username, password, level, name) VALUES (?, ?, ?, ?)';
if($stmt = $db -> prepare($query))
{
$stmt -> bind_param('ssis', $username, $password, $newlevel, $realname);
$stmt -> execute();
$stmt -> close();
echo 'Any Errors: '.$db->error.PHP_EOL;
}
There are no errors given, but when I go to look at the table in phpmyadmin there is not a new row added. I know for sure that the types are correct (strings and integers). Is there something really wrong here or does it have something to do with the fact that I'm ignoring other columns. I have about 8 columns in the user table.
If you have turned auto commit off, you will have to explicitly call the commit method after you execute the query.
$stmt->execute();
$db->commit();
$stmt->close();
You have to check for errors at each stage of the process: When you connect, when you prepare the statement, when you bind, when you execute, and when you close. In your code, assuming the $db handle was properly created, the error check happens after the ->close() call, which should succeed, so there won't be any error at that point.
Something along these lines will show where things blew up:
$query = 'INSERT INTO users (username, password, level, name) VALUES (?, ?, ?, ?)';
$stmt = $db->prepare($query);
echo 'prepare error: ', $db->error, PHP_EOL;
$stmt->execute();
echo 'execute error: ', $db->error
etc....
Check if the string "Any Errors" is being printed. If not, then the statement:
if ($stmt = $db->prepare($query))
is returning false. You should move echo 'Any Errors: '.$db->error.PHP_EOL; outside of the conditional block.
Do u initialize the values of $username, $password, $newlevel, $realname before the
$stmt -> execute(); statement. Otherwise you have to initialize and try
$query = 'INSERT INTO users (username, password, level, name) VALUES (?, ?, ?, ?)';
if($stmt = $db -> prepare($query)){
$stmt -> bind_param('ssis', $username, $password, $newlevel, $realname);
$username='testname';$password='testpwd';$level=5;$realname='testrealname';
$stmt -> execute(); echo "inserted SuccessFully"; $stmt -> close(); }
else { printf("Prepared Statement Error: %s\n", $mysqli->error);}
try this code. If the query is executed successfully it show the "Inserted Successfully" otherwise it shows the error.