Wanting to encrypt a particular data variable but keep getting "PHP Fatal error: Call to undefined function AES_ENCRYPT()..."
Research has lead me to a hint that it's using PHP instead of MySQL?
$key="xyz";
$stmt = mysqli_prepare($mysqli, "INSERT INTO details (FirstName, LastName, EncryptThis) VALUES (?,?,?)");
if ($stmt === false) {
trigger_error('Statement failed! ' . htmlspecialchars(mysqli_error($mysqli)), E_USER_ERROR);
}
$bind = mysqli_stmt_bind_param($stmt, "sss", $FirstName, $LastName, AES_ENCRYPT('$EncryptThis','$key'));
if ($bind === false) {
trigger_error('Bind param failed!', E_USER_ERROR);
}
$exec = mysqli_stmt_execute($stmt);
Am using varbinary in the DB...
Have tried various uses of
AES_ENCRYPT('$EncryptThis','$key')
EG
AES_ENCRYPT($EncryptThis,$key)
etc etc
MySQL is expecting values to be be passed as bind parameters. Not names of functions or other SQL expressions. Just values.
If you want to invoke the MySQL AES_ENCRYPT function, that needs to be appear as part of the SQL text (the string prepared as a SQL statement). The name of the function can't be passed as a part of a bind parameter.
Like this:
"INSERT ... VALUES ( ? , ? , AES_ENCRYPT( ? , ? ) )"
mysqli_stmt_bind_param($stmt, "ssss", $FirstName, $LastName, $EncryptThis, $key);
Related
I have this code in MyFile.php
$db= mysqli_connect("host","user","pw","db");//connect to db
if (mysqli_connect_errno($con))//check connection
{echo "Failed to connect to MySQL: " . mysqli_connect_error();}
//Create a token for the unique link
$title= $_GET[apt_title];
$email= $_GET[mail_address];
$token = sha1(uniqid($email, true));
$time = $_SERVER["REQUEST_TIME"];
//prepare the query to be executed
$query = $db->prepare(
"INSERT INTO pending_users (email, token, title_apt, tstamp) VALUES (?, ?, ?, ?)"
);
$query->execute(
array(
$title,
$email,
$token,
$time
)
);
Error message:
Warning: mysqli_stmt::execute() expects exactly 0 parameters, 1 given in /websites
How should I call execute() the right way?
Because mysqli::execute() does not accept any parameters. Before calling it, you have to prepare the query and then bind the params to the query. Then you have to call the execute() method. So try like this:
$query = $db->prepare(
"INSERT INTO pending_users (email, token, title_apt) VALUES (?, ?, ?, ?)"
);
$query->bind_param('ssss', $title, $email, $token, $time);
$query->execute();
For more check the documentation
Passing parameters in execute() is available only as of PHP 8.1. You need to upgrade your PHP version or use the old bind_param().
you need to bind params before executing the query,
in procedural way do like this
mysqli_stmt_execute($stmt);
if you are doing it like object oriented way after binding params
/* Execute the statement */
$stmt->execute();
Docs link.
http://www.php.net/manual/en/mysqli-stmt.execute.php
If you look at the manual for mysqli::execute(), you'll see that it does not accept any parameters.
bool mysqli_stmt::execute ( void )
Instead, you should use mysqli::bind_param to bind your parameters.
I am creating a user registration system, and I am at the point where I start modifying the database i get the error
"Warning: mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables in /opt/lampp/htdocs/Projectss/01_sarah/index.php on line 41
"
I have tried using every single method in php documentation concerning adding data to the database
here is some code
$hash_password = password_hash($password, PASSWORD_DEFAULT);
$query = "INSERT INTO users (first_name,last_name,email,password) VALUES('$first_name','$last_name','$email','$hash_password')";
$stmt = $conn->prepare($query);
if (!$stmt) {
echo mysqli_error($conn);
}
$stmt->bind_param('ssss', $query);
$stmt->execute(); // execute prepared statement
$conn->close(); // close connection
}
The expected result should is to not receive any warning after saving the information to the database
You're passing complete query in the bindParam and also passing the values in the query instead of this you need to pass the parameters in the bindParam like this..
$hash_password = password_hash($password, PASSWORD_DEFAULT);
$query = "INSERT INTO users (first_name,last_name,email,password) VALUES(?, ?, ?, ?)";
$stmt = $conn->prepare($query);
$stmt->bind_param('ssss', $first_name, $last_name, $email, $hash_password);
$stmt->execute(); // execute prepared statement
$conn->close(); // close connection
I have this code in MyFile.php
$db= mysqli_connect("host","user","pw","db");//connect to db
if (mysqli_connect_errno($con))//check connection
{echo "Failed to connect to MySQL: " . mysqli_connect_error();}
//Create a token for the unique link
$title= $_GET[apt_title];
$email= $_GET[mail_address];
$token = sha1(uniqid($email, true));
$time = $_SERVER["REQUEST_TIME"];
//prepare the query to be executed
$query = $db->prepare(
"INSERT INTO pending_users (email, token, title_apt, tstamp) VALUES (?, ?, ?, ?)"
);
$query->execute(
array(
$title,
$email,
$token,
$time
)
);
Error message:
Warning: mysqli_stmt::execute() expects exactly 0 parameters, 1 given in /websites
How should I call execute() the right way?
Because mysqli::execute() does not accept any parameters. Before calling it, you have to prepare the query and then bind the params to the query. Then you have to call the execute() method. So try like this:
$query = $db->prepare(
"INSERT INTO pending_users (email, token, title_apt) VALUES (?, ?, ?, ?)"
);
$query->bind_param('ssss', $title, $email, $token, $time);
$query->execute();
For more check the documentation
Passing parameters in execute() is available only as of PHP 8.1. You need to upgrade your PHP version or use the old bind_param().
you need to bind params before executing the query,
in procedural way do like this
mysqli_stmt_execute($stmt);
if you are doing it like object oriented way after binding params
/* Execute the statement */
$stmt->execute();
Docs link.
http://www.php.net/manual/en/mysqli-stmt.execute.php
If you look at the manual for mysqli::execute(), you'll see that it does not accept any parameters.
bool mysqli_stmt::execute ( void )
Instead, you should use mysqli::bind_param to bind your parameters.
I need to get the last row that I inserted using PDO in PHP. I've been searching and I've found PDO::lastInsertId but it doesn't work on Oracle.
What alternatives I have? Other ways to do that? I think to get the current value of the sequence (in that table I use a sequence to increment the ID) using PDO but I don't know if I can.
Update 1:
Here's my code.
static function insertarProveedor($name, $address, $phone, $email) {
$con = conexionBD();
try {
$stmt = $con->prepare("INSERT INTO Proveedores (NOMBRE, DIRECCION, TELEFONO, EMAIL) VALUES (?, ?, ?, ?)
RETURNING OID_PROVEEDOR INTO :id");
$stmt->bindParam(1, $nombre);
$stmt->bindParam(2, $direccion);
$stmt->bindParam(3, $telefono);
$stmt->bindParam(4, $correo);
$stmt->bindParam('OID_PROVEEDOR', $id, PDO::PARAM_INT, 8);
} catch (PDOException $e) {
echo "Error".$e->GetMessage();
}
return $id;
}
I got the following message error:
ErrorSQLSTATE[HY093]: Invalid parameter number: mixed named and
positional parameters
Notice: Undefined variable: id in D:\xampp\htdocs\Gestor\include\inserciones.inc on line 43
The line 43 is return $id;
you can use the oracle specific returning id into var method
$query = "INSERT INTO employees (name) VALUES ('Jones') RETURNING employee_no INTO :employee_no";
$stmt = $pdo->prepare($query);
$stmt->bindParam('employee_no', $employee_no, PDO::PARAM_INT, 8);
$stmt->execute();
Then the $employee_no will have the last id.
One alternative would be to first retrieve the next value from the sequence and then use it in the insert statement.
Hello all i have this script and i will not insert into the database and i get no errors :S, do you know what it is?
function createUser($username, $password) {
$mysql = connect();
if($stmt = $mysql->prepare('INSERT INTO users (username, password, alder, hood, fornavn, efternavn, city, ip, level, email) VALUES (?,?,?,?,?,?,?,?,?,?)')) {
$stmt->bind_param('ssssssssss',$username,$password, $alder, $hood, $fornavn, $efternavn, $city, $ip, $level, $email);
$stmt->execute();
$stmt->close();
} else {
echo 'error: ' . $mysql->error;
}
Maybe you get an error from the $stmt->execute(); call? Check $stmt->error (which is a string) just before you run $stmt->close();
Maybe some of your values should not be strings, such as the level and/or hood parameters? They look like typical integer parameters.