Warning: mysqli_stmt_bind_param() expects parameter 1 to be mysqli_stmt, boolean given in on line 64
I've found multiple other posts with this problem, but the solutions I've tried haven't made a difference.
Things like stmt_close() or stmt_free() didn't make a difference.
So here is my actual code snippet:
1st prepare and execute:
// Connect to database
$mysqliID = mysqli_connect($mysqliHost, $mysqliUsername, $mysqliPassword);
if (!$mysqliID) throw new Exception("");
if (!mysqli_select_db($mysqliID, $mysqliDB)) throw new Exception("");
// Check if the username or email address aren't already accupied.
$stmt = mysqli_prepare($mysqliID, "SELECT id FROM Account WHERE username=? OR email=?");
mysqli_stmt_bind_param($stmt, "ss", $username, $email);
if (!mysqli_stmt_execute($stmt)) throw new Exception("");
$duplicates = 0;
mysqli_stmt_bind_result($stmt, $duplicateid);
while (mysqli_stmt_fetch($stmt))
{
die ("error:-gebruikersnaam of email al in gebruik.");
}
2nd prepare and execute:
// Save account with salted and hashed password.
include "PasswordHash.php";
$hashResult = create_hash($password);
$hashResultSplitted = explode(":", $hashResult);
$salt = $hashResultSplitted[2];
$hash = $hashResultSplitted[3];
$verified = 0;
$stmt = mysqli_prepare($mysqliID, "INSERT INTO Account (username, hash, salt, email, verified) VALUES (?, ?, ?, ?, ?)");
mysqli_stmt_bind_param($stmt, "ssssi", $username, $hash, $salt, $email, $verified);
if (!mysqli_stmt_execute($stmt)) throw new Exception("");
3rd and last prepare and execute:
// Save verification token.
$token = bin2hex(random_bytes(16));
$expirationtime = time() + (15 * 60);
$accountid = mysqli_insert_id($mysqliID);
$stmt = mysqli_prepare($mysqliID, "INSERT INTO Verifications (token, expirationtime, accountid) VALUES (?, ?, ?)");
mysqli_stmt_bind_param($stmt, "sii", $token, $expirationtime, $accountid);
if (!mysqli_stmt_execute($stmt)) throw new Exception("");
So in the 3rd and last block of code, I get the warning at the mysqli_prepare, but the previous two were successfully done.
Solution:
Turned out the table named Verifications should have been Verification. Found by just good reading and looking after I've had some sleep.
Related
This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 3 years ago.
The problem I am facing is that I am not able to take the users id and send it through.
Here is the code.
if ($stmt = $con->prepare('INSERT INTO tblusers (user, password, token) VALUES (?, ?, ?)')) {
// We do not want to expose passwords in our database, so hash the password and use password_verify when a user logs in.
$token = password_hash($_POST['token'], CRYPT_BLOWFISH);
$password = password_hash($_POST['password'], CRYPT_BLOWFISH);
$stmt->bind_param('sss', $_POST['username'], $password, $token);
$stmt->execute();
$stmt = $con->('SELECT id from tblusers where user=?');
$user=$_POST['username'];
$stmt->bind_param('s' $user);
$stmt->execute();
$stmt -> bind_result($id);
$stmt = $con->prepare('INSERT INTO tblbtc (id) VALUES (?)');
$stmt->bind_param('i', $id);
$stmt->execute();
header('location: ../../home/index.php');
} else {
// Something is wrong with the sql statement, check to make sure accounts table exists with all 3 fields.
echo ('Could not prepare statement!');
}
}
$stmt->close();
}
Here is also a error message I get
Parse error: syntax error, unexpected '(', expecting identifier (T_STRING) or variable (T_VARIABLE)
This code down below works without the two extra added mysql statements.
if ($stmt = $con->prepare('INSERT INTO tblusers (user, password, token) VALUES (?, ?, ?)')) {
// We do not want to expose passwords in our database, so hash the password and use password_verify when a user logs in.
$token = password_hash($_POST['token'], CRYPT_BLOWFISH);
$password = password_hash($_POST['password'], CRYPT_BLOWFISH);
$stmt->bind_param('sss', $_POST['username'], $password, $token);
$stmt->execute();
header('location: ../../home/index.php');
} else {
// Something is wrong with the sql statement, check to make sure accounts table exists with all 3 fields.
echo ('Could not prepare statement!');
}
}
$stmt->close();
}
The expected results of this code it to create the user which works and then to take the users id and also create columns on the tblbtc with the userid/.
You can get the inserted user id using mysqli::inserted_id
see the code below
<?php
if ($stmt = $con->prepare('INSERT INTO tblusers (user, password, token) VALUES (?, ?, ?)')) {
// We do not want to expose passwords in our database, so hash the password and use password_verify when a user logs in.
$token = password_hash($_POST['token'], CRYPT_BLOWFISH);
$password = password_hash($_POST['password'], CRYPT_BLOWFISH);
$stmt->bind_param('sss', $_POST['username'], $password, $token);
$stmt->execute();
$user_id = $stmt->insert_id;
if($user_id)
{
$stmt = $con->prepare('INSERT INTO tblbtc (id) VALUES (?)');
$stmt->bind_param('i', $user_id);
$stmt->execute();
header('location: ../../home/index.php');
}
else{
echo ('Could not prepare statement!');
}
} else {
// Something is wrong with the sql statement, check to make sure accounts table exists with all 3 fields.
echo ('Could not prepare statement!');
}
$stmt->close();
I am creating a user registration system, and I am at the point where I start modifying the database i get the error
"Warning: mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables in /opt/lampp/htdocs/Projectss/01_sarah/index.php on line 41
"
I have tried using every single method in php documentation concerning adding data to the database
here is some code
$hash_password = password_hash($password, PASSWORD_DEFAULT);
$query = "INSERT INTO users (first_name,last_name,email,password) VALUES('$first_name','$last_name','$email','$hash_password')";
$stmt = $conn->prepare($query);
if (!$stmt) {
echo mysqli_error($conn);
}
$stmt->bind_param('ssss', $query);
$stmt->execute(); // execute prepared statement
$conn->close(); // close connection
}
The expected result should is to not receive any warning after saving the information to the database
You're passing complete query in the bindParam and also passing the values in the query instead of this you need to pass the parameters in the bindParam like this..
$hash_password = password_hash($password, PASSWORD_DEFAULT);
$query = "INSERT INTO users (first_name,last_name,email,password) VALUES(?, ?, ?, ?)";
$stmt = $conn->prepare($query);
$stmt->bind_param('ssss', $first_name, $last_name, $email, $hash_password);
$stmt->execute(); // execute prepared statement
$conn->close(); // close connection
It registers the user successfully. But when I check it on my database, all of the values are 0s. What's the problem?
here's the function code:
public function insertUser($email, $firstName, $lastName, $encryptedPassword, $salt)
{
//SQL language - command to insert data
$sql = "INSERT INTO users (email, firstName, lastName, password, salt) VALUES (email=?, firstName=?, lastName=?, password=?, salt=?)";
//preparing SQL for execution by checking the validity
$statement = $this->conn->prepare($sql);
//if error
if (!$statement)
{
throw new Exception(($statement->error));
}
//assigning variables instead of '?', after checking the preparation and validity of the SQL command
$statement->bind_param('sssss', $email, $firstName, $lastName, $encryptedPassword, $salt);
//result will store the status/result of the execution of SQL command
$result = $statement->execute();
return $result;
}
The parameters for the function get set with the correct values when called, I tested it
I'm pretty new to PHP. If i correct my function, it doesn't create a new user. It doesn't even print out anything in the browser window. Here's the piece of code that calls this one (maybe it helps you with finding the solution):
$result = $access->insertUser($email, $firstName, $lastName, $encryptedPassword, $salt);
//result is positive
if ($result)
{
//throw back the user details
$return['status'] = '200';
$return['message'] = 'Successfully registered';
$return['email'] = $email;
$return['firstName'] = $firstName;
$return['lastName'] = $lastName;
echo json_encode($return);
$access->disconnect();
}
Your query is wrong.
//columns are declared here
$sql = "INSERT INTO users (email, firstName, lastName, password, salt) VALUES (email=?, firstName=?, lastName=?, password=?, salt=?)";
//you do not need to declare your columns again
Simple change your query to
$sql = "INSERT INTO users (email, firstName, lastName, password, salt) VALUES (?, ?, ?, ?, ?)";
Also, it appears as though you are storing your password and the salt separately, that tells me you are rolling your own hashing algorithm, there isn't really a need for this. I would remove your salt column, and use password_hash() for your password column.
remove the column=?
$sql = "INSERT INTO users (email, firstName, lastName, password, salt) VALUES (?, ?, ?, ?, ?)";
the code
column=?
in your value assignment is evalued as boolean condition that return false (0)
I want to perform a select query on my users table with sqli in php.
For security reasons (sql injection) i want to do it using parameter(s).
Also i want to store the result in a php variable.
This is my code:
the $conn variable is filled in correctly.
$login = $_POST['username'];
//Check if username is available
/*Line44*/ $stmt = $conn->prepare("SELECT login FROM users WHERE login = ?");
/*Line45*/ $stmt->bind_param('s', $login);
$result = $stmt->execute();
if ($result->num_rows > 0)
{
echo "This username is in use.";
}
else
{
//Add account to database
$stmt = $conn->prepare("INSERT INTO users (login, password, email, gender) VALUES (?, ?, ?, ?)");
$stmt->bind_param('ssss', $login, $md5pass, $email, $gender);
$stmt->execute();
$stmt->close();
echo "<font color=\"#254117;\">Your account is succesfully geregistered! <br />U can now login!</font>";
}
I get this error:
Warning: mysqli::prepare() [mysqli.prepare]: Couldn't fetch mysqli in
C:\xampp\htdocs\cammerta\registreer.php on line 44
Fatal error: Call to a member function bind_param() on a non-object in
C:\xampp\htdocs\cammerta\registreer.php on line 45
I hope someone can provide an solution and explain to me what i did wrong.
Thanks in advance!
$mysqli = new mysqli('localhost', 'my_user', 'my_password', 'world');
$stmt = $mysqli->prepare("INSERT INTO CountryLanguage VALUES (?, ?, ?, ?)");
$stmt->bind_param('sssd', $code, $language, $official, $percent);
$stmt->execute();
Plus
1.Please run query in phpmyadmin or any program
2.Maybe you not set variables. $login, $md5pass, $email, $gender
$stmt = $conn->prepare statement may be return false.Please use given code for getting error in query.
if ($stmt = $conn->prepare('your query')) {
$stmt->bind_param(...);
}
else {
printf("Error=: %s\n", $conn->error);
}
This code is used to login using authentication , session management. error comes in 15th line of code which is fatal error: call to a member function bindParam() on non-object. i am not understanding that where is the mistake done by me. please help me.
<?php
// Sanitize incoming username and password
$username = filter_var($_POST['username'], FILTER_SANITIZE_STRING);
$password = filter_var($_POST['password'], FILTER_SANITIZE_STRING);
$pwd= md5($password);
// Connect to the MySQL server
$db = new mysqli("localhost", "root", "", "login");
// Determine whether an account exists matching this username and password
$stmt = $db->prepare("SELECT id FROM accounts WHERE username =$username and password =$pwd");
// Bind the input parameters to the prepared statement
// the error comes in this line
$stmt->bindParam('ss', $username, $pwd);
// Execute the query
$stmt->execute();
// Store the result so we `enter code here`can determine how many rows have been returned
$stmt->store_result();
if ($stmt->num_rows == 1) {
// Bind the returned user ID to the $id variable
$stmt->bind_result($id);
$stmt->fetch();
// Update the account's last_login column
$stmt = $db->prepare("UPDATE accounts SET last_login = NOW() WHERE id=$id");
$stmt->bind_param('d', $id);
$stmt->execute();
$_SESSION['username'] = $username;
// Redirect the user to the home page
header('Location: home.php');
}
?>
$stmt = $db->prepare("SELECT id FROM accounts WHERE username =$username and password=$pwd");
$stmt->bindParam('ss', $username, $pwd);
You're binding a parameter that does not exist. You're also trying to bind two parameters with a single call.
Docs for the relevant function
Sample (taken from php.net) :
<?php
/* Execute a prepared statement by binding PHP variables */
$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name, colour, calories
FROM fruit
WHERE calories < :calories AND colour = :colour');
$sth->bindParam(':calories', $calories, PDO::PARAM_INT);
$sth->bindParam(':colour', $colour, PDO::PARAM_STR, 12);
$sth->execute();
?>
[edit]
Looks like this was actually about mysqli. Relevant doc
Relevant sample:
$stmt = $mysqli->prepare("INSERT INTO CountryLanguage VALUES (?, ?, ?, ?)");
$stmt->bind_param('sssd', $code, $language, $official, $percent);