php / mysql prepared statement form issue INSERT INTO

Question

The code below takes in information from a form and sends it to mysql. It did so successfully (for category,contents,date, and userid) but recently I added a new column in the database called 'seclevel' that needs to be filled as well. I'm not seeing a logical reason why the addition of seclevel has broken the code, and I receive no errors in the log. It's just a user selected integer from 1-9 so unless I'm using $_POST['seclevel'] incorrectly I'm stumped. Any ideas?

send_post.php

<?php
include 'db_connect.php';
include 'functions.php';
sec_session_start();

$userId = $_SESSION['user_id'];
if(login_check($mysqli) == true) {

//Connecting to sql db.
$connect=mysqli_connect("localhost","mylogin","mypass","mydb");

header("Location: http://somekindasite.com/index_3.php");

if (mysqli_connect_errno()) { echo "Fail"; } else { echo "Success"; }

//Sending form data to sql db.
$stmt = $mysqli -> prepare('INSERT INTO opwire (category, contents, date, userid, seclevel) 
                            VALUES (?,?,NOW(),?,?)');
$stmt -> bind_param('ssi', $_POST['category'], $_POST['contents'], $userId, $_POST['seclevel']);
$stmt -> execute();
$stmt -> close();

} else {
   echo 'Access denied. <br/>';
}

?>

Here is the relevant form that submits to send_post.php

<html>
<div style="width:  330px;  height:  130px;  overflow:  auto;">
<form STYLE="color: #f4d468;" action="send_post.php" method="post">

    Category: <select STYLE="color: #919191; font-family: Veranda; font-weight: bold; font-size: 10px; background-color: #000000;" name="category">
<option value="1">1</option>
<option value="1">2</option>
<option value="1">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option STYLE="color: #c31717;" value="8">8</option>
<option value="Other">Other</option>
</select>

    Seclevel: <select STYLE="color: #919191; font-family: Veranda; font-weight: bold; font-size: 10px; background-color: #000000;" name="seclevel">
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
</select> <br>

    <textarea overflow: scroll; rows="4" cols="60" STYLE="color: #919191; font-family: Veranda; font-weight: bold; font-size: 10px; background-color: #000000; width:300px; height:80px; margin:0; padding:0;" name="contents"></textarea><br>
    <input type="submit" STYLE="color: #919191; font-family: Veranda; font-weight: bold; font-size: 10px; background-color: #000000;" value="Create Log">
</form>
</div>
</html>

Answer 1

MySQLi's parameter binding has two parts, and you missed one of them. You need to add the type s for string or i for integer (or d double, b blob) into the first argument to bind_param() .

// Looks like you're adding another integer...
$stmt -> bind_param('ssii', $_POST['category'], $_POST['contents'], $userId, $_POST['seclevel']);
//---------------------^^^

Since mysqli_stmt::bind_param() returns FALSE on failure , you ought to put in some error checking.

if ($stmt->bind_param('ssii', $_POST['category'], $_POST['contents'], $userId, $_POST['seclevel'])) {
  $stmt->execute();
}
else {
  echo $stmt->error;
}

I'll also note that I would expect bind_param() to have issued a fatal error. When developing code, it's always recommended to crank up error reporting and show errors on screen.

error_reporting(E_ALL);
ini_set('display_errors', 1);