0

So my code looks like this:

$sql = "INSERT INTO users (email, password) VALUES (:email, :password)";
$stmt = $conn->prepare($sql);

$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':password', sha1($_POST['password']));

if( $stmt->execute() ):
    $message = 'Successfully created new user';
else:
    $message = 'Sorry there must have been an issue creating your account';
endif;

Where the error is caused by this line:

$stmt->bindParam(':password', sha1($_POST['password']));

Hope someone can help me remove the 'Strict standards: Only variables should be passed by reference' error, since it's still executing everything.

2 Answers

2

bindParam takes a reference to the second argument instead of the value. This is done so changes to the variable value before executing the statement are recognized or, to rephrase it, so the value of the bound variable at execution time of the query is used, not the value the variable had when binding it.

References only work on variables - you cannot pass a reference to a function call. If you use a function call as the second parameter of bindParam, the value is passed instead of a reference, which is why everything keeps working - but it defeats the purpose of using a reference in the first place.

To fix the error message:

$passSha1 = sha1($_POST['password']);
$stmt->bindParam(':password', $passSha1);

// if you change passSha1 here, the new value will be used later
// in the execution of the statement

if( $stmt->execute() ): 
// ...
Johannes H.
  • 3
    An alternative solution is to use bindValue() instead. It behaves exactly as OP was expecting bindParam() to. – timdev Jun 05 '16 at 21:27
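The two binding styles from the answer and the comment above, side by side, as an added example that is not part of the original posts. It assumes the pdo_sqlite extension and an in-memory table, uses constructed sample values in place of $_POST, and swaps password_hash()/password_verify() in for sha1(), because an unsalted SHA-1 digest is fast to brute-force.

```php
<?php
// Added example. The table, addresses and passwords below are constructed sample data.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT NOT NULL)');

$sql = 'INSERT INTO users (email, password) VALUES (:email, :password)';

// Constructed sample input standing in for $_POST.
$post = ['email' => 'first@example.test', 'password' => 'constructed-password-1'];

// 1) bindParam(): binds the variables themselves; PDO reads them at execute().
$email = $post['email'];
$hash  = password_hash($post['password'], PASSWORD_DEFAULT); // swapped in for sha1()
$stmt  = $conn->prepare($sql);
$stmt->bindParam(':email', $email);
$stmt->bindParam(':password', $hash);

// Reassigning a bound variable before execute() changes what is inserted.
$email = 'second@example.test';
$stmt->execute();

// 2) bindValue(): copies the value at bind time, so a function call
//    can be passed directly without the "Only variables" notice.
$stmt = $conn->prepare($sql);
$stmt->bindValue(':email', 'third@example.test');
$stmt->bindValue(':password', password_hash('constructed-password-3', PASSWORD_DEFAULT));
$stmt->execute();

// Show which rows were stored and check each hash against a candidate password.
$candidates = [
    'second@example.test' => 'constructed-password-1',
    'third@example.test'  => 'constructed-password-3',
];
foreach ($conn->query('SELECT email, password FROM users ORDER BY email') as $row) {
    $candidate = $candidates[$row['email']] ?? '';
    $ok = password_verify($candidate, $row['password']) ? 'yes' : 'no';
    echo $row['email'], ' password verifies: ', $ok, PHP_EOL;
}
```

The first insert stores the reassigned address rather than the one held at bind time, which is the late-binding behaviour the answer describes.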
0

Have you tried extracting a variable? Something like this:

$passwordHash = sha1($_POST['password']);
$stmt->bindParam(':password', $passwordHash);
Misa Lazovic