-1

I am practicing coding and am making a login system off of a video I watched off of YouTube. Everything works when I try to register an account, but the only problem is it gives me a small error stating this: Strict Standards: Only variables should be passed by reference in /home/login-name/public_html/login/register.php on line 9.

Register.php

<?php
require 'database.php';

if(!empty($_POST['username']) && !empty($_POST['password'])):
    $sql = "INSERT INTO users (username, password) VALUES (:username, :password)";
    $stmt = $conn->prepare($sql);

    $stmt->bindParam(':username', $_POST['username']);
    $stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));

    if( $stmt->execute() ):
        die('Success');
    else:
        die('Fail');
    endif;
endif;
?>

<!DOCTYPE html>
<html lang="en">
    <head>
        <title>Register</title>
        <meta charset=utf-8>
        <link href="../css/register.css" rel="stylesheet">
        <link href="https://fonts.googleapis.com/css?family=Open+Sans" rel="stylesheet">
    </head>
    <body>
        <div class="header">
            <span class="header-logo"><a href="home">Abyssal Test</a></span>
        </div>
        <form action="register" method="POST">
            <input type="text" placeholder="Username" name="username">
            <input type="password" placeholder="Password" name="password">
            <input type="password" placeholder="Confirm Password" name="confirm_password">
            <input type="submit" name="register" value="Register">
            <span class="register-text">Already have an account? <a href="login">Login Here</a></span>
        </form>
    </body>
</html>
Abyssal
  • 35
  • 1
  • 8
  • just as the error states. and you need to rewrite this line `$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));` – Funk Forty Niner Feb 18 '17 at 22:53

2 Answers2

2

Change this line

$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));

To

$hash = password_hash($_POST['password'], PASSWORD_BCRYPT);
$stmt->bindParam(':password', $hash);
RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
1

As it states in the documentation of the function "bindParam" the second parameter of the function is a variable reference and you try to pass a function result instead. So you could store the result of the function in a variable and then pass it to the function 

$passwordHash=password_hash($_POST['password'], PASSWORD_BCRYPT);
$stmt->bindParam(':username', $_POST['username']);
$stmt->bindParam(':password', $passwordHash);
knetsi
  • 1,601
  • 1
  • 16
  • 18