-1
include 'connect.php';
     if ($stmt = $mysqli->prepare("INSERT users (user_name, user_pass) VALUES (mysql_real_escape_string ($_POST['user_name'], sha1($_POST['user_pass']")) 
     {
            $stmt->bind_param("ss", $user_name, $user_pass);
            $stmt->execute();
            $stmt->close();
     }

I get this error on the line of code above, I've been staring at it for ages but can't figure out what's wrong. I'm new to PHP, MySQL and HTML. Please help me.

Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in C:\xampp\htdocs\signup.php on line 77
user71032
  • 11
  • 3
  • its due to the improper concatenation on ur query..check http://stackoverflow.com/questions/9583035/unexpected-t-encapsed-and-whitespace-expecting-t-string-or-t-variable-or-t-num – Avinash Babu Sep 14 '14 at 16:54
  • 1
    Your code contains multiple errors, you should read more about PHP's syntaxis. – MC Emperor Sep 14 '14 at 17:03

1 Answers1

2

The good thing is you are trying to prepare, the bad news is you doing it wrong:

$username = $_POST['user_name'];
$password = $_POST['user_pass'];

$query = "INSERT users (user_name, user_pass) VALUES (?,  sha1(?)) ";
/* create a prepared statement */
if ($stmt = $mysqli->prepare($query)) {

    /* bind parameters for markers */
    $stmt->bind_param("ss", $username, $password);

    /* execute query */
    $stmt->execute();

    /* close statement */
    $stmt->close();
}

/* close connection */
$mysqli->close();

issues:

  • mysql_real_escape_string is deprecated
  • mysqli_real_escape_string would be useless
  • Your string concatenation is wrong
meda
  • 45,103
  • 14
  • 92
  • 122
  • This is what I get with that script: Warning: mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement in C:\xampp\htdocs\signup.php on line 85 Warning: mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement in C:\xampp\htdocs\signup.php on line 86 – user71032 Sep 14 '14 at 17:01
  • @user71032 oops, see my edit – meda Sep 14 '14 at 17:06