Wednesday 13 February 2019

php - Prepared statement fails when it shouldn't



I have a signup form on my website and the following code should run whenever a new user signs up:



$sql = "SELECT * FROM users WHERE uidUsers=?;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt)) {
header("Location: ../signup.php?error=sqlerror");
exit();

}
else {
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
$resultCheck = mysqli_stmt_num_rows($stmt);
if ($resultCheck > 0) {
header("Location: ../signup.php?error=usertaken");
exit();
}
else {

$hashedPwd = password_hash(PASSWORD_DEFAULT, $password);
$sql = "INSERT INTO users (`uidUsers`, `pwdUsers`, `phraseUsers`) VALUES(?,
?, ?)";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt)) {
header("Location: ../signup.php?error=sqlerror");
exit();
}
else {
mysqli_stmt_bind_param($stmt, "sss", $username, $hashedPwd,

$securityphrase);
mysqli_stmt_execute($stmt);
header("Location: ../login.php?signup=success");
exit();
}


The !mysqli_stmt_prepare error handler is triggered when it shouldn't be given the database circumstance, as well as the correct INSERT statement. Therefore I don't understand why it's triggered and I'm asking why?



There is a similar question here on



Answer



Thank you for your help, the problems where the password_hash order, it should be like this password_hash($var, PASSWORD_DEFAULT);. The second mistake I made was not including my $sql statements in the mysqli_stmt_prepare, it should be like this !mysqli_stmt_prepare($stmt, $sql).


No comments:

Post a Comment

php - file_get_contents shows unexpected output while reading a file

I want to output an inline jpg image as a base64 encoded string, however when I do this : $contents = file_get_contents($filename); print &q...