无法使用PHP中的准备好的语句将数据插入数据库，未报告错误

Question

I'm trying to create a registration form that stores the users entered data into an MySQL database. I was able to get it to work by manually setting the values, but learned that it was best to use prepared statements. This is what my PHP code looks like:

<?php

$servername = "localhost";
$username = "root";
$password = "";
$dbname = "accounts";

//Creating a new connection to the database
$connection = new mysqli($servername, $username, $password, $dbname);

//Checking the connection
if ($connection->connect_error) {
    die("Connection failed: " . $connection->connect_error);
}

//SQL string used to insert the data into the database
$sql = "INSERT INTO users (name, email, password) VALUES (?, ?, ?)";

$stmt = mysqli_stmt_init($connection);
if (!mysqli_stmt_prepare($stmt, $sql)) {
    echo "Failed";
} else {
    mysqli_stmt_bind_param($stmt, "sss", $_POST["name"], $_POST["email"], $_POST["passowrd"]);
    mysqli_stmt_execute($stmt);
}
?>

And this is the HTML:

<div id="wrapper">
    <div id="formContent">
        <h3>Complete the following form to register an account:</h3>

        <form class="register" action="registration.php" method="post">

            Email: <input type="email" name="email" required> <br></br>
            Name: <input type="name" name="name" required> <br></br>
            Password: <input type="password" name="password" required> <br></br>
            Confirm Password: <input type="password" name="confirmed_password" required> <br></br>
            <input type="submit" name="submit">

        </form>
    </div>
</div>

The listed code returns no error but the database is not updated. I have been busting my head for some time now, so any help is appreciated.

Answer 1

First, you have a typo for password (you have $_POST['passowrd'] ) and second, this is based on the example from the documentation:

# Prepare (use the OOP version of this library)
$query  =   $connection->prepare("INSERT INTO users (`name`, `email`, `password`) VALUES (?, ?, ?)");
# Bind parameters and spell "password" correctly
$query->bind_param('sss', $_POST['name'], $_POST['email'], $_POST['password']);
# Execute
$query->execute();
# See if the row was created and echo success
echo ($query->affected_rows > 0)? 'Success!' : 'Failed';

You should be using password_hash() (storing) and password_verify() (validating) or a bcrypt equivalent library (if your version of php doesn't have those native functions). When using these functions, make sure your password column has like 255 character length so not as to cut off the password hash.