7

The following is my PHP code.

<?php
session_start();

if(isset($_SESSION['user_id'])) {
    header("Location: /");
}

require 'database.php';

$message = '';

    if(!empty($_POST['email']) && !empty($_POST['password'])):
        //Enter the new user in the database.
        $sql ="INSERT INTO users (email, password) VALUES(:email, :password)";
        $stmt = $conn->prepare($sql);

        $stmt->bindParam(':email', $_POST['email']);
        $stmt->bindParam(':password',password_hash($_POST['password'], PASSWORD_BCRYPT));
        if ($stmt->execute()):
            $message = 'successfully created new user';
        else:
            $message = 'Sorry there must have been an issue creating your an account.';
        endif;
    endif;

It shows an error saying that:

Notice: Only variables should be passed by reference in C:\xampp\htdocs\auth\register.php on line 17

Line 17 contains the following code:

$stmt->bindParam(':password',password_hash($_POST['password'], PASSWORD_BCRYPT));

Any idea what the problem is, and what "Only variables should be passed by reference" means?

Nisse Engström
S. Shrestha

3 Answers

11

bind_param takes values by reference. It does this by looking at the variable you're passing and pointing at the innards directly.

In your call, you're returning the string result of a function call - password_hash in this case. Because there's no variable involved, there are no innards to point to. PHP is whining about not being able to pass the data by reference as a result.

You will need to stick the result of the function call into a variable, then pass that variable into the bind instead.

Try this:

$password = password_hash($_POST['password'], PASSWORD_BCRYPT);
$stmt->bindParam(':password',$password );

Credit: Here

Community
Cristofor
  • It may not be entirely a case of "whining"; I found that adding this step also stopped some problems related to quotes in a string variable. – Jeremy Young Aug 10 '20 at 08:01
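
The by-reference behaviour described in the answer above, as an added example that is not part of the original thread: `bindParam()` reads the bound variable when `execute()` runs, while `bindValue()` copies the value immediately and so accepts the result of `password_hash()` directly. It assumes the pdo_sqlite extension for an in-memory database; the table, e-mail addresses and passwords are constructed sample data, and `checkLogin()` is a hypothetical helper.

```php
<?php
// Added example (not the asker's code). Assumes the pdo_sqlite extension;
// the table, e-mail addresses and passwords are constructed sample data.
declare(strict_types=1);

$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT NOT NULL)');

$sql  = 'INSERT INTO users (email, password) VALUES (:email, :password)';
$stmt = $conn->prepare($sql);

// bindParam() stores a reference: the variable is read when execute() runs,
// so it must be a real variable, and later reassignments are what get stored.
$email = 'first@example.test';
$hash  = password_hash('first-password', PASSWORD_BCRYPT);
$stmt->bindParam(':email', $email);
$stmt->bindParam(':password', $hash);

$email = 'second@example.test';               // reassigned after binding
$hash  = password_hash('second-password', PASSWORD_BCRYPT);
$stmt->execute();                             // stores the reassigned pair

// bindValue() copies the value at call time, so an expression such as a
// function result is accepted without the Notice.
$stmt = $conn->prepare($sql);
$stmt->bindValue(':email', 'third@example.test');
$stmt->bindValue(':password', password_hash('third-password', PASSWORD_BCRYPT));
$stmt->execute();

// Hypothetical helper: fetch the stored hash and check a login attempt.
function checkLogin(PDO $conn, string $email, string $password): bool
{
    $q = $conn->prepare('SELECT password FROM users WHERE email = :email');
    $q->bindValue(':email', $email);
    $q->execute();
    $stored = $q->fetchColumn();              // false when no such user
    return is_string($stored) && password_verify($password, $stored);
}

// Pair that was bound first and then overwritten before execute().
var_dump(checkLogin($conn, 'first@example.test', 'first-password'));
// Pair the variables held when execute() ran.
var_dump(checkLogin($conn, 'second@example.test', 'second-password'));
// Row inserted through bindValue(), with the right and a wrong password.
var_dump(checkLogin($conn, 'third@example.test', 'third-password'));
var_dump(checkLogin($conn, 'third@example.test', 'wrong-password'));
```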

5

    $hashedpassword = password_hash($_POST['password'], PASSWORD_BCRYPT);
    $stmt->bindParam(':password',$hashedpassword );

-1

First make

$password = password_hash($_POST['password'], PASSWORD_BCRYPT);

Then this

$stmt->bindParam(':password',$password );
S.I.