stackoom
  简体   繁体   中英

PHP Registration script using prepared statements

 原文  2013-11-13 18:00:10       php/ mysqli

Question

I have got the following registration code, it SEEMS to be working but it isn't actually inserting the entered information into my table. It all runs with no errors showing up, and the "echo 'end';" is displaying.

Edit, updated code: Now get this error

Warning: mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables in C:\\xampp\\htdocs\\ppa\\test.php on line 19

Which is this line: 

$insert_stmt->bind_param($email, $password, $random_salt, $user);

PHP: 

   <?php
include "includes/db_connect.php";

if (isset($_POST['email'], $_POST['p'])) {
    $email = $_POST['email'];
    //Default user perms
    $perms = "user";

    $password = hash('sha512', $_POST['p']); //Need to add JavaScript to hash password before it gets here
    //Create random salt
    $random_salt = hash('sha512', uniqid(mt_rand(1, getrandmax()), true));

    //Create salted password
    $password = hash('sha512', $password.$random_salt);

    //Add insert to database script
    //Use prepared statements!
    if ($insert_stmt = $mysqli->prepare("INSERT INTO users (email, password, salt, perms) VALUES (?, ?, ?, ?)")) {
        $insert_stmt->bind_param($email, $password, $random_salt, $perms);
        $insert_stmt->execute();
    }
    echo "Email: ".$email."<br />";
    echo "Password: ".$password."<br />";
    echo "Random Salt: ".$random_salt."<br />";
    echo "Permissions: ".$perms."<br />";
}
?>

This is my db_connect.php page 

<?php
define("HOST", 'localhost');
define("USER", 'ppa_user');
define("PASSWORD", 'password');
define("DATABASE", 'ppa');

$mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);

if ($mysqli->connect_errno) {
    //No database found, redirect to setup
    $url = "http://".$_SERVER['HTTP_HOST'].'/ppa/setup.php';
    header('Location: '.$url);
}
?>

3 answers

solution1
 1  2013-11-13 18:05:06

Replace the following: 

//Add insert to database script
    //Use prepared statements!
    if ($insert_stmt = $mysqli->prepare("INSERT INTO users (email, password, salt, perms) VALUES (?, ?, ?, ?)"));
    $insert_stmt->bind_param('ssss', $_POST['email'], $password, $random_salt, $user);

//Execute the prepared query
$insert_stmt->execute();
echo "end";

with: 

//Add insert to database script
//Use prepared statements!
if ($insert_stmt = $mysqli->prepare("INSERT INTO users (email, password, salt, perms) VALUES (?, ?, ?, ?)")) {
    $insert_stmt->bind_param($_POST['email'], $password, $random_salt, $user);
    $insert_stmt->execute();
    echo "end";
}

solution2
 1  2013-11-13 18:15:20

check this 

if ($insert_stmt = $mysqli->prepare("INSERT INTO users (email, password, salt, perms) VALUES (?, ?, ?, ?)"));
$insert_stmt->execute(array($_POST['email'], $password, $random_salt, $user));

solution3
 1 ACCPTED  2013-11-13 18:41:39

为了解决这个问题,OP需使用以下代码得出结论: 

$insert_stmt->bind_param("ssss", $email, $password, $random_salt, $perms);

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Coverting PHP login script to use prepared statements PHP - file not uploaded into the database using prepared statements MySQL & PHP Update issue, using prepared statements Is there any difference in these prepared statements using PHP and MYSQL? PHP: Injection protection using prepared statements Using prepared statements with SQLite3 and PHP Using MySQL functions in PHP PDO prepared statements Using HTML forms and PHP prepared statements Writing to mysql using php and prepared statements PHP error with prepared statements using OOP
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM