Only variables should be passed by reference php - php

I checked similar questions here but it couldn't solve my problem. I'm creating a php user registration form and when I try to register I get this error: Strict standards: Only variables should be passed by reference in F:\wamp64\www\login\register.php on line 14
I tried it on PHP version 5.6 and 7.0 but the error is the same.
Line 14 is this:
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
Here is my entire code:
<?php
$server = 'localhost';
$username = 'root';
$password = 'root';
$database = 'auth';
try{
$conn = new PDO("mysql:host=$server;dbname=$database;", $username, $password);
} catch(PDOException $e) {
die( "Connection failed: " . $e->getMessage());
}
$message = '';
if(!empty($_POST['email']) && !empty($_POST['password'])):
$sql = "INSERT INTO users (email, password) VALUES (:email, :password)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
if( $stmt->execute()):
$message = 'Successfully created new user';
else:
$message = 'Sorry there must have been an issue creating your account';
endif;
endif;
?>
Any help is appreciated, thanks.

Try:
$pass = ':password';
$phash = password_hash($_POST['password'], PASSWORD_BCRYPT);
$stmt->bindParam($pass, $phash);
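
The by-reference behaviour behind that notice, shown next to bindValue(), as an added example that is not part of the original question or answer. It assumes the pdo_sqlite extension and uses an in-memory SQLite table and constructed input in place of the MySQL database and $_POST.

```php
<?php
// Added example. In-memory SQLite (pdo_sqlite) stands in for the MySQL "auth" database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Constructed input standing in for $_POST.
$post = ['email' => 'alice@example.test', 'password' => 'constructed-passphrase-1'];
$sql  = 'INSERT INTO users (email, password) VALUES (:email, :password)';

// bindValue() receives its argument by value, so an expression such as a
// function call is accepted and is evaluated once, at bind time.
$stmt = $pdo->prepare($sql);
$stmt->bindValue(':email', $post['email'], PDO::PARAM_STR);
$stmt->bindValue(':password', password_hash($post['password'], PASSWORD_BCRYPT), PDO::PARAM_STR);
$stmt->execute();

// bindParam() stores a reference: it needs a variable, and the variable is
// read when execute() runs, not when bindParam() is called.
$stmt  = $pdo->prepare($sql);
$email = 'placeholder@example.test';
$hash  = 'not-a-hash-yet';
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->bindParam(':password', $hash, PDO::PARAM_STR);
$email = 'bob@example.test';                  // changed after binding
$hash  = password_hash('constructed-passphrase-2', PASSWORD_BCRYPT);
$stmt->execute();                             // inserts bob, not the placeholder

// Show what was stored: only bcrypt hashes, never the submitted password.
foreach ($pdo->query('SELECT email, password FROM users ORDER BY email') as $row) {
    $info = password_get_info($row['password']);
    printf("%-22s algo=%s length=%d\n", $row['email'], $info['algoName'], strlen($row['password']));
}
```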

Related

Insert Into with PDO

I am new to PHP, MySQL and PDO.
After a lot of searching, I made this piece of code to insert a new user/customer with a password.
<?php
require_once '../../src/mysql/dbconfig.php';
try
{
$conn = new PDO("mysql:host=$host;dbname=$dbname", $username, $password);
echo "Connected to $dbname at $host successfully.";
}
catch (PDOException $pe)
{
die("Could not connect to the database $dbname :" . $pe->getMessage());
}
$stmt = $conn -> prepare($sql);
$email = $_POST['email'];
$password = $_POST['password'];
$stmt -> bindValue(":email", $email);
$stmt -> bindValue(":password", $password);
$sql = "INSERT INTO customer (email, password) VALUES (:email, SHA2(:password,512))";
$stmt -> execute();
$conn = null;
?>
<html>
<body>
Welcome <?php echo $_POST["email"]; ?><br>
Your password is: <?php echo $_POST["password"]; ?>
</body>
</html>
When I submit, it goes to another PHP page, which shows the user's email and password.
So when I do SELECT * FROM, I receive an empty SET.
(Basically, the Insert is not working, but on the PHP page, it says the information that was inserted in the INSERT)
What am I doing wrong?
Basically, what I was doing wrong was calling a statement after its values.
<?php
require_once '../../src/mysql/dbconfig.php';
try
{
$conn = new PDO("mysql:host=$host;dbname=$dbname", $username, $password);
echo "Connected to $dbname at $host successfully.";
}
catch (PDOException $pe)
{
die("Could not connect to the database $dbname :" . $pe->getMessage());
}
$sql = "INSERT INTO customer (email, password) VALUES (:email, SHA2(:password,512))";
$stmt = $conn -> prepare($sql);
$email = $_POST['email'];
$password = $_POST['password'];
$stmt -> bindValue(":email", $email);
$stmt -> bindValue(":password", $password);
$stmt -> execute();
$conn = null;
?>

Connect Error(2002)Connection refused (Heroku)

I have been trying to connect to my database (I used Xampp) and made a PHP trying to link the file to the "users" database that I made. There is an issue as whenever I click the "Register" button it has an error saying "Connect Error(2002)Connection refused." Any help would be appreciated!
PHP code
<?php
$name = $_POST['name'];
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$phone = $_POST['phone'];
if (!empty($name) || !empty($username) || !empty($password) || !empty($email) || !empty($phone)) {
$host = "localhost:80";
$dbUsername = "root";
$dbPassword = "";
$dbname = "pracdata";
//create connection
$conn = new mysqli($host, $dbUsername, $dbPassword, $dbname);
if (mysqli_connect_error()) {
die('Connect Error('. mysqli_connect_errno().')'. mysqli_connect_error());
} else {
$SELECT = "SELECT email From users Where email = ? Limit 1";
$INSERT = "INSERT Into users (name, username, password, email, phone) values(?, ?, ?, ?)";
//Prepare statement
$stmt = $conn->prepare($SELECT);
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->bind_result($email);
$stmt->store_result();
$rnum = $stmt->num_rows;
if ($rnum==0) {
$stmt->close();
$stmt = $conn->prepare($INSERT);
$stmt->bind_param("ssssii", $username, $username, $password, $email, $phone);
$stmt->execute();
echo "Your account has been registered!";
} else {
echo "This email is already linked to Preak account";
}
$stmt->close();
$conn->close();
}
} else {
echo "All fields are required";
die();
}
?>

PHP using Xampp : POST is not allowed error

When I try to submit the form content to the database, I get the following error:
{"code":"MethodNotAllowedError","message":"POST is not allowed"}
I am using Dreamweaver cc 2017 and xampp v3.2.2 to run Apache and Mysql on windows 10.
html form :
<form action="register.php" id="form1" name="form1" method="post">
and register.php content is :
<?php
$hostname_conn = "localhost";
$database_conn = "hotels";
$username_conn = "root";
$password_conn = "";
$conn = mysqli_connect($hostname_conn, $username_conn, $password_conn) or trigger_error(mysqli_error(),E_USER_ERROR);
$db=mysqli_select_db($conn,$database_conn);
$q1= "insert into users(username,email,password,number)values('$_POST[textfield]','$_POST[email]','$_POST[password]','$_POST[number]')";
$q2=mysqli_query($conn,$q1);
if(mysqli_query($conn,$q1))
{
$msg = 'User information saved successfully.';
}
else
{
$msg = 'Error: We encountered an error while inserting the new record.';
}
echo $msg;
mysqli_close($conn);
?>
</body>
</html>
using PDO:
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "hotels";
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
$stmt = $conn->prepare("INSERT INTO users (username, email, password, number)
VALUES (:username, :email, :password, :number)");
$stmt->bindParam(':username', $username);
$stmt->bindParam(':email', $email);
$stmt->bindParam(':password', $password);
$stmt->bindParam(':number', $number);
$username = $_POST['textfield'];
$email = $_POST['email'];
$password = $_POST['password'];
$number = $_POST['number'];
$stmt->execute();
The problem is with the syntax. Anyway, you should use good practices. Check this post: How can I prevent SQL injection in PHP?
// mysql_real_escape_string() was removed in PHP 7; with a mysqli connection,
// use mysqli_real_escape_string() and pass the connection as the first argument
$username = $_POST["textfield"]; //unsafe
$username = mysqli_real_escape_string($conn, $username); //safe
$email = mysqli_real_escape_string($conn, $_POST["email"]);
$password = mysqli_real_escape_string($conn, $_POST["password"]);
$number = mysqli_real_escape_string($conn, $_POST["number"]);
$db=mysqli_select_db($conn,$database_conn);
$q1= "insert into users(username,email,password,number)values('".$username ."','".$email."','".$password."','".$number."')";
$q2=mysqli_query($conn,$q1);
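
The question's string-built INSERT next to a prepared statement, run on the same constructed input, as an added example that is not from either answer. It assumes the pdo_sqlite extension; an in-memory SQLite table stands in for the hotels database, the function names are hypothetical, and the password is hashed with password_hash() before it is stored.

```php
<?php
// Added example. In-memory SQLite (pdo_sqlite) stands in for the MySQL "hotels" database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT, email TEXT, password TEXT, number TEXT)');

// Constructed form input standing in for $_POST; the name contains a quote.
$post = [
    'textfield' => "Conan O'Brien",
    'email'     => 'conan@example.test',
    'password'  => 'constructed-passphrase',
    'number'    => '555-0100',
];

// Weak form: request data becomes part of the SQL text, as in the question.
function insertConcatenated(PDO $pdo, array $post): string
{
    $q = "insert into users(username,email,password,number) values("
       . "'{$post['textfield']}','{$post['email']}','{$post['password']}','{$post['number']}')";
    try {
        $pdo->exec($q);
        return 'stored';
    } catch (PDOException $e) {
        return 'failed: the quote in the input altered the statement';
    }
}

// Corrected form: the SQL text is fixed and the values travel separately.
function insertPrepared(PDO $pdo, array $post): string
{
    $stmt = $pdo->prepare(
        'INSERT INTO users (username, email, password, number)
         VALUES (:username, :email, :password, :number)'
    );
    $stmt->execute([
        ':username' => $post['textfield'],
        ':email'    => $post['email'],
        ':password' => password_hash($post['password'], PASSWORD_DEFAULT),
        ':number'   => $post['number'],
    ]);
    return 'stored';
}

echo 'concatenated: ', insertConcatenated($pdo, $post), "\n";
echo 'prepared:     ', insertPrepared($pdo, $post), "\n";
echo 'username row: ', $pdo->query('SELECT username FROM users')->fetchColumn(), "\n";
```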

Error with PDO in this script | The page turn blank

I'm having a strange problem using PDO in this script. Probably the problem is very simple but I can't find it and it is making me crazy.
The problem is that when I launch the script the page turns blank.
<?php
//PDO
if(isset($_POST['submit'])) {
// test row
$password = $_POST['upassword'];
$email = $_POST['email'];
$_SESSION['email'] = $email;
$servername = "localhost";
$username = "root";
$password = "passwordxyz";
$dbname = "abcd";
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$statement = $conn->prepare('SELECT `password` FROM `users` WHERE `email` = :email');
$statement->bindParam(':email', $email);
$statement->execute();
while($row = $statement->fetch() ){
echo 'ok';
}
}
}
?>
Please help me to solve the problem.
Thank you.
You have a try clause but no catch, which is what is generating the error.
<?php
//PDO
if(isset($_POST['submit'])) {
$password = $_POST['upassword'];
$email = $_POST['email'];
$_SESSION['email'] = $email;
$servername = "localhost";
$username = "root";
$password = "passwordxyz";
$dbname = "abcd";
try{
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$statement = $conn->prepare('SELECT `password` FROM `users` WHERE `email` = :email');
$statement->bindParam(':email', $email);
$statement->execute();
while($row = $statement->fetch() ){
echo 'ok';
}
}
catch(Exception $e){
//change from general to specific exception and handle here
}
}
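
One way to fill in that catch block and finish the password check, as an added example that is not the answerer's code. It assumes the pdo_sqlite extension, a constructed account in an in-memory SQLite table, and a password column that holds password_hash() output; checkLogin() and openDb() are hypothetical names, and the form password is kept in its own variable so it cannot be overwritten by the database credentials.

```php
<?php
// Added example. In-memory SQLite (pdo_sqlite) stands in for the MySQL database.
function openDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT NOT NULL)');
    // Constructed account; the column holds a password_hash() result.
    $seed = $pdo->prepare('INSERT INTO users (email, password) VALUES (:email, :password)');
    $seed->execute([
        ':email'    => 'alice@example.test',
        ':password' => password_hash('constructed-passphrase', PASSWORD_DEFAULT),
    ]);
    return $pdo;
}

// Hypothetical helper: true only when the e-mail exists and the password matches.
function checkLogin(PDO $pdo, string $email, string $formPassword): bool
{
    try {
        $statement = $pdo->prepare('SELECT password FROM users WHERE email = :email');
        $statement->bindValue(':email', $email, PDO::PARAM_STR);
        $statement->execute();
        $hash = $statement->fetchColumn();      // false when no row matches
        return is_string($hash) && password_verify($formPassword, $hash);
    } catch (PDOException $e) {
        // Details go to the server log; the caller only learns "login failed".
        error_log('login query failed: ' . $e->getMessage());
        return false;
    }
}

$pdo = openDb();
var_dump(checkLogin($pdo, 'alice@example.test', 'constructed-passphrase'));
var_dump(checkLogin($pdo, 'alice@example.test', 'wrong-guess'));
var_dump(checkLogin($pdo, 'nobody@example.test', 'constructed-passphrase'));

// Simulated database fault: the exception is caught and logged, not shown.
$pdo->exec('DROP TABLE users');
var_dump(checkLogin($pdo, 'alice@example.test', 'constructed-passphrase'));
```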

php script echoing part of the php instead of what intended [duplicate]

This question already has answers here:
PHP code is not being executed, but the code shows in the browser source code
(35 answers)
Closed 2 years ago.
I'm having trouble with a PHP script that I've created to insert instances into a database; however, I'm getting a trivial output and I don't know how to fix it. The code is:
<?php
try{
$user = 'root';
$pass = null;
$pdo = new PDO('mysql:host=localhost; dbname=divebay', $user, $pass);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$username = $_POST['username'];
$password = sha1($_POST['password']);
$location = %_POST['location'];
$email = $_POST['email'];
$name = $_POST['fname'] . " " . $_POST['surname'];
$check = $pdo->prepare('SELECT * FROM user WHERE username=?');
$check->bindValue(1, $username);
$check->execute();
if($check->fetch(PDO::FETCH_OBJ)){
echo "Account name already exists";
}
else{
$stmt = $pdo->prepare('INSERT INTO user(username, password, location, email, name)
VALUES(:username, :password, :location, :email, :name)');
$stmt->bindParam(':username', $username, PDO::PARAM_STR);
$stmt->bindParam(':password', $password, PDO::PARAM_STR);
$stmt->bindParam(':location', $location, PDO::PARAM_STR);
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->bindParam(':name', $name, PDO::PARAM_STR);
if($stmt->execute()){
echo "Account created";
}
else{
echo "Account could not be created";
}
}
$pdo = null;
}catch(PDOException $e){
echo $e->getMessage();
}
?>
I would expect the output to be something like "Account created". Instead, the output I'm getting is this error:
setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $username =
$_POST['username']; $password = sha1($_POST['password']);
$location = %_POST['location']; $email = $_POST['email']; $name =
$_POST['fname'] . " " . $_POST['surname']; $check =
$pdo->prepare('SELECT * FROM user WHERE username=?');
$check->bindValue(1, $username); $check->execute();
if($check->fetch(PDO::FETCH_OBJ)){ echo "Account name already exists";
} else{ $stmt = $pdo->prepare('INSERT INTO user(username, password,
location, email, name) VALUES(:username, :password, :location, :email,
:name)'); $stmt->bindParam(':username', $username, PDO::PARAM_STR);
$stmt->bindParam(':password', $password, PDO::PARAM_STR);
$stmt->bindParam(':location', $location, PDO::PARAM_STR);
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->bindParam(':name', $name, PDO::PARAM_STR);
if($stmt->execute()){ echo "Account created"; } else{ echo "Account
could not be created"; } } $pdo = null; }catch(PDOException $e){ echo
$e->getMessage(); } ?>
What's going wrong with this script to cause this?
The only way you'd get that output is if you had written:
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
as:
$pdo?>setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
by mistake.
YOU HAVE a % INSTEAD OF $ on %_POST['location']
RECOMMENDATION:
Also I HIGHLY recommend wrapping the PDO functions into a class. Here is what I use personally in every single project:
Save this to its own file (ex: sql.class.php)
<?php
class SqlIt{
public $Sql;
public $Response;
private $Host;
private $DBname;
private $User;
private $Pass;
public $NumResults;
public function __construct($Sql, $type, $vars){
if($vars == ""){
$vars = array();
}
try{
$DB = $this->db_connect();
$DB->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$STH = $DB->prepare($Sql);
$doit = $STH->execute($vars);
$this->Result = $doit;
}
catch(PDOException $e){
echo $e->getMessage();
}
//find function to run
switch($type){
case 'select':
$this->select($STH);
break;
}
}
public function select($query){
$rows = $query->rowCount();
$this->NumResults = $rows;
while($row = $query->fetchObject()){
$this->Response[] = $row;
}
}
//create a separate function for connecting to DB. Private to only this class.
private function db_connect(){
$this->User = 'root';
$this->Pass = '';
$DBH = new PDO("mysql:host=localhost;dbname=divebaby", $this->User, $this->Pass);
return $DBH;
}
}
?>
Then to actually run the statement you placed above you simply write the following code:
$username = $_POST['username'];
$password = sha1($_POST['password']);
$location = $_POST['location'];
$email = $_POST['email'];
$name = $_POST['fname'] . " " . $_POST['surname'];
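$getUser = new SqlIt("SELECT * FROM user WHERE username=?","select",array($username));
// an object is always truthy, so test the row count collected by select()
if($getUser->NumResults > 0){
echo 'Account name already exists';
}else{
$insertUser = new SqlIt("INSERT INTO user (username,password,location,email,name) VALUES (?,?,?,?,?)","insert",array($username,$password,$location,$email,$name));
// Result holds the return value of execute(); it is unset if an exception was caught
if(!empty($insertUser->Result)){
echo 'Account created!';
}else{
echo 'Account not created.';
}
}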
Missing <?php at the beginning of one of your pages that contains that code with the first line of setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
